Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-4594

Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published

2007-08-29T22:17:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

4.9

Weaknesses

Type: Primary
CWE-255

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	entrust	entelligence_security_provider	8	Yes

References

http://secunia.com/advisories/26630 Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/25471 Patch ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/36331 ([email protected])
http://secunia.com/advisories/26630 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25471 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36331 (af854a3a-2127-422b-91ae-364da2661108)