Release date: 2012-12-06
Updated on: 2012-12-08
Affected Systems:
RedHat Certificate System 8
RedHat Certificate System
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56843
CVE (CAN) ID: CVE-2012-4543
Red Hat Certificate System is a software system that manages enterprise-level PKI deployments.
The Red Hat Certificate System (RHCS) 'displaycrl' script does not properly validate the contents of the 'pagestart' and 'pagesize' parameters. In addition, the 'profileprocess' script does not properly validate the contents of the 'nonce' parameter. Attackers can exploit these vulnerabilities to launch XSS attacks against users of the Certificate System web interface.
<* Source: Red Hat
Link: https://access.redhat.com/security/cve/CVE-2012-4543
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4543
https://www.redhat.com/support/errata/RHSA-2012-1550.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
RedHat
------
Red Hat has released a security bulletin (RHSA-2012:1550-01) and a patch for this issue:
RHSA-2012:1550-01: Moderate: pki security update
Link: https://www.redhat.com/support/errata/RHSA-2012-1550.html
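
A log check for the parameters named in the description above, as an added example that is not part of the original advisory or Red Hat's code: it flags requests to the two scripts whose 'pagestart', 'pagesize' or 'nonce' values are not plain integers. The integer expectation, the combined access-log format, the request paths and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameters named in the advisory (matched case-insensitively).
WATCHED = {"displaycrl": ("pagestart", "pagesize"), "profileprocess": ("nonce",)}
# Assumption: legitimate values for all three parameters are plain integers.
INTEGER = re.compile(r"-?\d{1,20}\Z")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return [(script, param, decoded_value)] for non-integer watched params."""
    parts = urlsplit(target)
    script = parts.path.rstrip("/").rsplit("/", 1)[-1].lower()
    watched = WATCHED.get(script)
    if not watched:
        return []
    hits = []
    # parse_qsl percent-decodes, so encoded markup is compared in clear form.
    for name, value in parse_qsl(parts.query):
        if name.lower() in watched and not INTEGER.match(value):
            hits.append((script, name.lower(), value))
    return hits

def scan(lines):
    """Yield (line_number, script, param, value) for each suspicious request."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for script, param, value in suspicious_params(match.group(1)):
                yield number, script, param, value

# Constructed sample log lines; addresses and paths are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Dec/2012:10:00:01 +0000] "GET /example-path/displaycrl?pagestart=1&pagesize=50 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [08/Dec/2012:10:00:07 +0000] "GET /example-path/displaycrl?pagestart=%22%3E%3Cb%3Ex&pagesize=50 HTTP/1.1" 200 5188',
    '192.0.2.44 - - [08/Dec/2012:10:00:09 +0000] "GET /example-path/profileprocess?nonce=12%3Cimg%3E HTTP/1.1" 200 901',
    '192.0.2.10 - - [08/Dec/2012:10:00:12 +0000] "GET /example-path/profileprocess?nonce=-8834512 HTTP/1.1" 200 880',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("line %d: %s %s=%r" % hit)
```

Access logs normally record only the query string, so values sent in a POST body are not covered by this check.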