CVE-2012-4556: Input Validation

First published: Wed Oct 24 2012(Updated: )

A temporary denial of service flaw was found in the way token processing system of Certificate System processed user certificate search queries with certain empty search fields. A remote attacker could use this flaw to cause the main Apache httpd web server broker it to need to restart (resulting into situation where the client would obtain connection reset instead of proper error message), leading to (temporary) denial of service (resulting into any users currently in the middle of enrolling tokens to experience a connection drop and their in progress operation to be terminated).

Credit: secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/author
• agent/weakness
• agent/severity
• agent/description
• agent/type
• agent/softwarecombine
• agent/first-publish-date
• agent/last-modified-date
• agent/tags
• agent/references
• agent/event
• collector/mitre-cve
• source/MITRE
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2012-4556
• vendor/redhat
• canonical/redhat certificate system
• version/redhat certificate system/8.1.1
• version/redhat certificate system/7.1
• version/redhat certificate system/7.2
• version/redhat certificate system/7.3
• version/redhat certificate system/8.0
• version/redhat certificate system/8.1