Bug 869579 (CVE-2012-4556) - CVE-2012-4556 pki-tps: Connection reset when performing empty certificate search in TPS
Summary: CVE-2012-4556 pki-tps: Connection reset when performing empty certificate sea...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-4556
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 871487 884830 884831
Blocks: 864425
TreeView+ depends on / blocked
 
Reported: 2012-10-24 10:20 UTC by Jan Lieskovsky
Modified: 2023-05-12 20:24 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-22 06:46:28 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:1550 0 normal SHIPPED_LIVE Moderate: pki security update 2012-12-07 01:31:21 UTC

Description Jan Lieskovsky 2012-10-24 10:20:46 UTC 
A temporary denial of service flaw was found in the way token processing system of Certificate System processed user certificate search queries with certain empty search fields. A remote attacker could use this flaw to cause the main Apache httpd web server broker it to need to restart (resulting into situation where the client would obtain connection reset instead of proper error message), leading to (temporary) denial of service (resulting into any users currently in the middle of enrolling tokens to experience a connection drop and their in progress operation to be terminated).
Comment 3 Jan Lieskovsky 2012-10-30 14:09:14 UTC 
The CVE identifier of CVE-2012-4556 has been assigned to this issue.
Comment 5 Jan Lieskovsky 2012-11-01 17:42:14 UTC 
Acknowledgements:

Red Hat would like to thank Patrick Raspante and Ryan Millay of GDC4S for reporting this issue.
Comment 6 Vincent Danen 2012-12-06 19:54:43 UTC 
Created pki-tps tracking bugs for this issue

Affects: fedora-all [bug 884830]
Affects: epel-5 [bug 884831]
Comment 7 errata-xmlrpc 2012-12-06 20:34:27 UTC 
This issue has been addressed in following products:

  Red Hat Certificate System 8

Via RHSA-2012:1550 https://rhn.redhat.com/errata/RHSA-2012-1550.html
Note You need to log in before you can comment on or make changes to this bug.