{
  "threat_severity" : "Moderate",
  "public_date" : "2017-08-25T00:00:00Z",
  "bugzilla" : {
    "description" : "krb5: Authentication bypass by improper validation of certificate EKU and SAN",
    "id" : "1485510",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485510"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-295",
  "details" : [ "An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances.", "An authentication bypass flaw was found in the way krb5's certauth interface handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2018-04-10T00:00:00Z",
    "advisory" : "RHSA-2018:0666",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "krb5-0:1.15.1-18.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "krb5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "krb5",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat JBoss Core Services",
    "fix_state" : "Not affected",
    "package_name" : "krb5",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 6",
    "fix_state" : "Not affected",
    "package_name" : "krb5",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Web Server 2",
    "fix_state" : "Not affected",
    "package_name" : "krb5",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-7562\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7562" ],
  "name" : "CVE-2017-7562",
  "csaw" : false
}