CVE-2017-6594

EPSS 0.25%
Veröffentlicht 28.08.2017 19:29:01
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Heimdal Project ≫ Heimdal Version <= 7.2.0

Opensuse ≫ Leap Version42.2

Opensuse ≫ Leap Version42.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.48

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html

Third Party Advisory

http://www.h5l.org/advisories.html?show=2017-04-13

Vendor Advisory

https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837

Patch

Third Party Advisory

Issue Tracking

https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-6594

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6594

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6594

EUVD