CVE-2012-3367 Information

Description

Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.

Reference

http://osvdb.org/84098 http://rhn.redhat.com/errata/RHSA-2012-1103.html http://secunia.com/advisories/50013 http://www.securityfocus.com/bid/54608 http://www.securitytracker.com/id?1027284 https://bugzilla.redhat.com/show_bug.cgi?id=836268 https://exchange.xforce.ibmcloud.com/vulnerabilities/77102 https://fedorahosted.org/pki/changeset/2430