RedHatCertificateSystem 'displaycrl 'and 'profileprocess' script XSS vulnerabilities

Release date: 2012-12-06 update date: 2012-12-08 affected system: RedHatCertificateSystem8RedHatCertificateSystem Description: describugtraqid: 56843CVE

Release date: 2012-6 6
Updated on: 2012-12-08

Affected Systems:
RedHat Certificate System 8
RedHat Certificate System
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56843
CVE (CAN) ID: CVE-2012-4543

Red Hat Certificate System is a software System that manages enterprise-level PKI deployment.

The Red Hat Certificate System (RHCS) 'displaycrl 'script does not validate the validity of the content of the 'pagestart' and 'pagesize' parameters. In addition, the 'profileprocess' script does not validate the validity of the content with the 'nonce 'parameter. Attackers can exploit these vulnerabilities to launch XSS attacks against users using the Certificate System Web.

<* Source: Red Hat

Link: https://access.redhat.com/security/cve/CVE-2012-4543
Https://bugzilla.redhat.com/show_bug.cgi? CVE-2012-4543
Https://www.redhat.com/support/errata/RHSA-2012-1550.html
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

RedHat
------
For this reason, RedHat has released a Security Bulletin (RHSA-2012: 1550-01) and patch:

RHSA-2012: 1550-01: Moderate: pki security update

Link: https://www.redhat.com/support/errata/RHSA-2012-1550.html