CVE-2008-1676
Summary
| CVE | CVE-2008-1676 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-07-07 23:41:00 UTC |
| Updated | 2023-02-13 02:18:00 UTC |
| Description | Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate. |
Risk And Classification
Problem Types: CWE-255
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Netscape | Certificate Management System | 6.0 | All | All | All |
| Application | Netscape | Certificate Management System | 6.01 | All | All | All |
| Application | Netscape | Certificate Management System | 6.1 | All | All | All |
| Application | Netscape | Certificate Management System | All | All | All | All |
| Application | Redhat | Certificate System | 7.1 | All | All | All |
| Application | Redhat | Certificate System | 7.2 | All | All | All |
| Application | Redhat | Certificate System | 7.3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2008-1676 - Red Hat Customer Portal | MISC | access.redhat.com | |
| Bug 445227 – CVE-2008-1676 Certificate System: incorrect handling of Extensions in CSRs (cs71) | CONFIRM | bugzilla.redhat.com | |
| Red Hat Certificate System CSR Extension Handling Bug May Let Users Bypass Security Policy - SecurityTracker | SECTRACK | www.securitytracker.com | |
| rhn.redhat.com \| Red Hat Support | REDHAT | rhn.redhat.com | Patch |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| Red Hat Certificate System rhpki-common Security Bypass Weakness | BID | www.securityfocus.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| rhn.redhat.com \| Red Hat Support | REDHAT | rhn.redhat.com | Patch |
| Red Hat update for rhpki-common - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.