Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will deny access and deny rules will grant access. This may result in an escalation of privileges or have other unintended consequences.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Dogtag PKI 安全漏洞
Vulnerability Description
Dogtag PKI是一套企业级开源证书颁发系统。该系统支持密钥存档、OCSP(联机证书状态管理)和智能卡管理等功能。 Dogtag PKI 10.6.1及之前版本中的AAclAuthz.java文件中存在安全漏洞。攻击者可利用该漏洞获取访问权限。
CVSS Information
N/A
Vulnerability Type
N/A