CVE-2012-4556
Description
A remote attacker can cause an Apache child process to restart by sending a certificate search query with empty fields, leading to a temporary denial of service in Red Hat Certificate System.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 [1] fails to properly handle user certificate search queries with certain unspecified empty search fields. This flaw allows an attacker to trigger a restart of the Apache httpd web server child process, resulting in a temporary denial of service.
Exploitation
A remote attacker with network access to the TPS web interface can send specially crafted certificate search queries containing empty fields [2]. No authentication or special privileges are required. The query is processed, causing the Apache child process to crash and restart, leading to a connection reset for the client.
Impact
Successful exploitation causes a temporary denial of service: the Apache child process restarts, interrupting in-progress token enrollment operations for other users [2]. The system remains operational but with degraded service until the child process recovers.
Mitigation
Red Hat released updated pki-common and pki-tps packages as part of RHSA-2012:1550 [1] on 2012-12-06, which fix this issue. Users are advised to upgrade to RHCS 8.1.3 or later and restart all Certificate System subsystems (/etc/init.d/[instance-name] restart) for the update to take effect. No workarounds are described.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:redhat:certificate_system:*:*:*:*:*:*:*:* (range: <=8.1.1)
- cpe:2.3:a:redhat:certificate_system:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certificate_system:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certificate_system:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certificate_system:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:certificate_system:8.1:*:*:*:*:*:*:*
- (no CPE), range: <8.1.3
Patches
No patches discovered yet.
References
- rhn.redhat.com/errata/RHSA-2012-1550.html (nvd, Vendor Advisory)
- secunia.com/advisories/51482 (nvd, Vendor Advisory)
- www.securityfocus.com/bid/56843 (nvd)
- www.securitytracker.com/id (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)