CVE-2007-4594
Summary
| CVE | CVE-2007-4594 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-08-29 22:17:00 UTC |
| Updated | 2017-07-29 01:33:00 UTC |
| Description | Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
Risk And Classification
Problem Types: CWE-255
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Entrust | Entelligence Security Provider | 8 | All | All | All |
| Application | Entrust | Entelligence Security Provider | 8 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Entrust ESP Certificate Path Verification Vulnerability | BID | www.securityfocus.com | Patch |
| About Secunia Research | Flexera | SECUNIA | secunia.com | Patch, Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.