CVE-2017-6594

EPSS 0.25%
Published 28.08.2017 19:29:01
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Heimdal Project ≫ Heimdal Version <= 7.2.0

Opensuse ≫ Leap Version42.2

Opensuse ≫ Leap Version42.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.453

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://lists.opensuse.org/opensuse-updates/2017-08/msg00062.html

Third Party Advisory

http://www.h5l.org/advisories.html?show=2017-04-13

Vendor Advisory

https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837

Patch

Third Party Advisory

Issue Tracking

https://github.com/heimdal/heimdal/releases/tag/heimdal-7.3.0

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-6594

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6594

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6594

EUVD