It was reported that Certificate System suffers from a format string injection flaw when viewing certificates. This could allow a remote attacker to crash the Certificate System server or, possibly, execute arbitrary code with the privileges of the user runnin the service (typically run as an unprivileged user, such as pkiuser).
This was reported against Certificate System 8.1 and may also affect Dogtag 9 and 10.
Created pki-tps tracking bugs for this issue
Affects: fedora-all [bug 966189]
Affects: epel-5 [bug 966190]
This issue has been addressed in following products:
Red Hat Certificate System 8
Via RHSA-2013:0856 https://rhn.redhat.com/errata/RHSA-2013-0856.html
pki-tps-9.0.11-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.