CVE-2012-4556: Input Validation
First published: Wed Oct 24 2012(Updated: )
A temporary denial of service flaw was found in the way token processing system of Certificate System processed user certificate search queries with certain empty search fields. A remote attacker could use this flaw to cause the main Apache httpd web server broker it to need to restart (resulting into situation where the client would obtain connection reset instead of proper error message), leading to (temporary) denial of service (resulting into any users currently in the middle of enrolling tokens to experience a connection drop and their in progress operation to be terminated).
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IETF X.509 Certificate | <=8.1.1 | |
| IETF X.509 Certificate | =7.1 | |
| IETF X.509 Certificate | =7.2 | |
| IETF X.509 Certificate | =7.3 | |
| IETF X.509 Certificate | =8.0 | |
| IETF X.509 Certificate | =8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2012-1550.html
- http://secunia.com/advisories/51482
- http://www.securityfocus.com/bid/56843
- http://www.securitytracker.com/id?1027846
- https://bugzilla.redhat.com/show_bug.cgi?id=869579
- https://access.redhat.com/security/cve/CVE-2012-4556
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=884830
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=884831
- https://rhn.redhat.com/errata/RHSA-2012-1550.html
Frequently Asked Questions
What is the severity of CVE-2012-4556?
CVE-2012-4556 has been classified with a moderate severity level due to its potential to cause a temporary denial of service.
How do I fix CVE-2012-4556?
To fix CVE-2012-4556, it is recommended to update the affected Red Hat Certificate System to a version that is not vulnerable.
What versions of Red Hat Certificate System are affected by CVE-2012-4556?
CVE-2012-4556 affects Red Hat Certificate System versions 7.1, 7.2, 7.3, and 8.1.1, as well as versions 8.0 and 8.1.
Can CVE-2012-4556 be exploited remotely?
Yes, an attacker can exploit CVE-2012-4556 remotely by using specific empty search fields in user certificate queries.
What are the consequences of exploiting CVE-2012-4556?
Exploiting CVE-2012-4556 can result in a temporary denial of service that forces the main Apache HTTP server to restart.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-4556
- agent/severity
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/ietf x.509 certificate
- version/ietf x.509 certificate/8.1.1
- version/ietf x.509 certificate/7.1
- version/ietf x.509 certificate/7.2
- version/ietf x.509 certificate/7.3
- version/ietf x.509 certificate/8.0
- version/ietf x.509 certificate/8.1