{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-08T00:00:00", "descriptions": [{"lang": "en", "value": "Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-11-14T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "ADV-2007-3406", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3406"}, {"name": "27557", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27557"}, {"name": "40440", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/40440"}, {"name": "ADV-2007-3405", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3405"}, {"name": "26377", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26377"}, {"name": "RHSA-2008:0566", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://rhn.redhat.com/errata/RHSA-2008-0566.html"}, {"name": "1020532", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020532"}, {"name": "RHSA-2007:0934", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0934.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:17:27.985Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-3406", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3406"}, {"name": "27557", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27557"}, {"name": "40440", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/40440"}, {"name": "ADV-2007-3405", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3405"}, {"name": "26377", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26377"}, {"name": "RHSA-2008:0566", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://rhn.redhat.com/errata/RHSA-2008-0566.html"}, {"name": "1020532", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020532"}, {"name": "RHSA-2007:0934", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0934.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-4994", "datePublished": "2007-11-06T21:00:00", "dateReserved": "2007-09-20T00:00:00", "dateUpdated": "2024-08-07T15:17:27.985Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:certificate_server:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "575AE74C-7079-49EE-BCFF-39406C4FD011", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL."}, {"lang": "es", "value": "Certificate Server 7.2 en Red Hat Certificate System (RHCS) no maneja de forma adecuada nuevas revocaciones que ocurren mientras un ertificate Revocation List (CRL) est\u00e9 siendo generado, lo cual permite prevenir ciertas revocaciones de certificados desde la aparici\u00f3n del un CRL rapidamente y permitir a usuarios con certificados revocados evitar el CRL previsto."}], "id": "CVE-2007-4994", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-11-06T21:46:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/40440"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27557"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0934.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/26377"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1020532"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/3405"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/3406"}, {"source": "secalert@redhat.com", "url": "https://rhn.redhat.com/errata/RHSA-2008-0566.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40440"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27557"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2007-0934.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26377"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020532"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3405"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3406"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rhn.redhat.com/errata/RHSA-2008-0566.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:0934", "cpe": "cpe:/a:redhat:certificate_system:7.2", "package": "rhpki-ca-0:7.2.0-4", "product_name": "Red Hat Certificate System 7.2 for RHEL 4", "release_date": "2007-10-08T00:00:00Z"}, {"advisory": "RHSA-2007:0934", "cpe": "cpe:/a:redhat:certificate_system:7.2", "package": "rhpki-common-0:7.2.0-8", "product_name": "Red Hat Certificate System 7.2 for RHEL 4", "release_date": "2007-10-08T00:00:00Z"}, {"advisory": "RHSA-2007:0934", "cpe": "cpe:/a:redhat:certificate_system:7.2", "package": "rhpki-util-0:7.2.0-4", "product_name": "Red Hat Certificate System 7.2 for RHEL 4", "release_date": "2007-10-08T00:00:00Z"}, {"advisory": "RHSA-2008:0566", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ca-0:7.3.0-11.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2008-07-21T00:00:00Z"}, {"advisory": "RHSA-2008:0566", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-common-0:7.3.0-34.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2008-07-21T00:00:00Z"}, {"advisory": "RHSA-2008:0566", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-util-0:7.3.0-18.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2008-07-21T00:00:00Z"}], "bugzilla": {"description": "rhcs CRL can get corrupted", "id": "304571", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=304571"}, "csaw": false, "details": ["Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not properly handle new revocations that occur while a Certificate Revocation List (CRL) is being generated, which might prevent certain revoked certificates from appearing on the CRL quickly and allow users with revoked certificates to bypass the intended CRL."], "name": "CVE-2007-4994", "public_date": "2007-10-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-4994\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-4994"], "threat_severity": "Moderate"}