FKIE_CVE-2012-2662

Vulnerability from fkie_nvd - Published: 2012-08-13 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2) End Entity pages.
References
secalert@redhat.comhttp://osvdb.org/84099
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1103.htmlVendor Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2015-1347.html
secalert@redhat.comhttp://secunia.com/advisories/50013Vendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/54608
secalert@redhat.comhttp://www.securitytracker.com/id?1027284Vendor Advisory
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/77101
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/84099
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1103.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1347.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50013Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/54608
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1027284Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/77101
Impacted products
Vendor Product Version
redhat certificate_system *
redhat certificate_system 7.1
redhat certificate_system 7.2
redhat certificate_system 7.3
redhat certificate_system 8
redhat certificate_system 8.0
redhat dogtag_certificate_system *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:certificate_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE009B1B-E0AB-4BA4-9A18-5F2A45FDCB7F",
              "versionEndIncluding": "8.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:certificate_system:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94B7103-11B7-4B1E-AE02-86210F9CCCAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27FE079E-FB15-443C-BE2E-1D4C940BB8C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2654E6A-190C-4D5C-ABC0-89011DD8E293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:certificate_system:8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2EF75FF-FCDB-433C-A7B9-4DBAABAC6643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:certificate_system:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "969F1FDC-EB66-4758-B619-C48CA1E5B1AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:dogtag_certificate_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06D606EF-447B-42C5-ADBE-14515257262B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2) End Entity pages."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en Red Hat Certificate System (RHCS) antes de v8.1.1 y Dogtag Certificate System permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de par\u00e1metros no especificados a (1) el agente del sistema (System Agent) o (2) las p\u00e1ginas de la entidad final.\r\n"
    }
  ],
  "id": "CVE-2012-2662",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-13T20:55:05.757",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/84099"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1103.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1347.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50013"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/54608"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securitytracker.com/id?1027284"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/84099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1103.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1347.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54608"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securitytracker.com/id?1027284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77101"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.