7.9

CVE-2012-5484

The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatFreeipa Version2.0.0
RedhatFreeipa Version2.0.1
RedhatFreeipa Version2.1.0
RedhatFreeipa Version2.1.1
RedhatFreeipa Version2.1.3
RedhatFreeipa Version2.1.4
RedhatFreeipa Version2.2.1
RedhatFreeipa Version3.0.0
RedhatFreeipa Version3.0.1
RedhatFreeipa Version3.0.2
RedhatFreeipa Version3.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.56% 0.419
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.9 5.5 10
AV:A/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=31e41eea6c2322689826e6065ceba82551c565aa
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=91f4af7e6af53e1c6bf17ed36cb2161863eddae4
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a1991aeac19c3fec1fdd0d184c6760c90c9f9fc9
http://git.fedorahosted.org/cgit/freeipa.git/commit/?id=a40285c5a0288669b72f9d991508d4405885bffc
http://rhn.redhat.com/errata/RHSA-2013-0188.html
http://rhn.redhat.com/errata/RHSA-2013-0189.html
http://www.freeipa.org/page/CVE-2012-5484
Vendor Advisory
http://www.freeipa.org/page/Releases/3.1.2