CVE-2007-4994

Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL.

Published: Nov 6, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-4994
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
redhat / certificate_server	7.2	7.2.x

http://osvdb.org/40440
http://secunia.com/advisories/27557
http://www.redhat.com/support/errata/RHSA-2007-0934.html
http://www.securityfocus.com/bid/26377
http://www.securitytracker.com/id?1020532
http://www.vupen.com/english/advisories/2007/3405
http://www.vupen.com/english/advisories/2007/3406
https://rhn.redhat.com/errata/RHSA-2008-0566.html

Vulnerability Database

289,599

CVE-2007-4994