Input Validation Flaw in Red Hat Certificate System Client Certificates
CVE-2017-7509

3.5LOW

Key Information:

Vendor: Red Hat
Status: Certificate System
Vendor: CVE Published:; 26 July 2018

🔔 Create Red Hat Vulnerability Alert

What is CVE-2017-7509?

An input validation error was identified in the handling of client-provided certificates in Red Hat Certificate System. When the certreq field is absent in a certificate, an assertion error occurs, which may lead to a denial of service, disrupting normal operations and access to the system.

Affected Version(s)

Certificate System pki-common-8.1.20-1

References

https://access.redhat.com/errata/RHSA-2017:2560

vendor-advisoryx_refsource_REDHAT

http://www.securitytracker.com/id/1039248

vdb-entryx_refsource_SECTRACK

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7509

x_refsource_CONFIRM

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 26, 2018
Vulnerability Reserved
Apr 5, 2017

.