{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-07-02T00:00:00", "descriptions": [{"lang": "en", "value": "Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "30062", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30062"}, {"name": "rhcs-rhpkicommon-csr-security-bypass(43573)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43573"}, {"name": "RHSA-2008:0500", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0500.html"}, {"name": "1020427", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020427"}, {"name": "RHSA-2008:0577", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0577.html"}, {"name": "30929", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30929"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=445227"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:32:01.466Z"}, "title": "CVE Program Container", "references": [{"name": "30062", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30062"}, {"name": "rhcs-rhpkicommon-csr-security-bypass(43573)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43573"}, {"name": "RHSA-2008:0500", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0500.html"}, {"name": "1020427", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020427"}, {"name": "RHSA-2008:0577", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0577.html"}, {"name": "30929", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30929"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=445227"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-1676", "datePublished": "2008-07-07T23:00:00", "dateReserved": "2008-04-03T00:00:00", "dateUpdated": "2024-08-07T08:32:01.466Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:certificate_system:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A94B7103-11B7-4B1E-AE02-86210F9CCCAA", "vulnerable": false}, {"criteria": "cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "27FE079E-FB15-443C-BE2E-1D4C940BB8C0", "vulnerable": false}, {"criteria": "cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "E2654E6A-190C-4D5C-ABC0-89011DD8E293", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:netscape:certificate_management_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "946E7D94-5FD5-40C2-B67A-14C0D13CDDAB", "versionEndIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:netscape:certificate_management_system:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "8D852DF7-F08A-4EAC-B7BB-D3384CA0B9B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:netscape:certificate_management_system:6.01:*:*:*:*:*:*:*", "matchCriteriaId": "5DD96E83-2151-4AFE-B3B3-E9CCF69D4B77", "vulnerable": true}, {"criteria": "cpe:2.3:a:netscape:certificate_management_system:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3F95B08-2AC6-4452-9BA3-26C80D3FABE7", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate."}, {"lang": "es", "value": "Red Hat PKI Common Framework (rhpki-common) de Red Hat Certificate System (tambi\u00e9n conocido como Certificate Server o RHCS) 7.1 hasta 7.3, y Netscape Certificate Management System 6.x; no reconocen las restricciones de perfil de la Autoridad Certificadora en Extensions, esto puede permitir a atacantes remotos evitar las restricciones pretendidas y realizar ataques de hombre-en-medio (man-in-the-middle) al enviar una Solicitud de Firma de Certificado (certificate signing request (CSR)) y utilizar el certificado resultante."}], "id": "CVE-2008-1676", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-07-07T23:41:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0500.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0577.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/30929"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/30062"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1020427"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=445227"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43573"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0500.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0577.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30062"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020427"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=445227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43573"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0577", "cpe": "cpe:/a:redhat:certificate_system:7.2", "package": "rhpki-common-0:7.2.0-11", "product_name": "Red Hat Certificate System 7.2 for RHEL 4", "release_date": "2008-07-02T00:00:00Z"}, {"advisory": "RHSA-2008:0500", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-common-0:7.3.0-29.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2008-07-02T00:00:00Z"}], "bugzilla": {"description": "System: incorrect handling of Extensions in CSRs (cs71)", "id": "445227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=445227"}, "csaw": false, "cvss": {"cvss_base_score": "7.5", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-297", "details": ["Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate System (aka Certificate Server or RHCS) 7.1 through 7.3, and Netscape Certificate Management System 6.x, does not recognize Certificate Authority profile constraints on Extensions, which might allow remote attackers to bypass intended restrictions and conduct man-in-the-middle attacks by submitting a certificate signing request (CSR) and using the resulting certificate."], "name": "CVE-2008-1676", "public_date": "2008-07-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-1676\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-1676"], "threat_severity": "Important"}

{}