CWE-299 10 個 CVE MITRE 定義 ↗

CWE-299:Improper Check for Certificate Revocation

概覽

CWE-299(Improper Check for Certificate Revocation)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined
technology Web Based Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-9636 2026-07-14 A security issue exists within CompactLogix® 5380, ControlLogix® 5580, and EN4 communication modules related to CIP Security certificate revocation handling. The security issue stems from the controll…
CVE-2026-6899 2026-06-09 Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connectio…
CVE-2026-4428 2026-03-19 A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate…
CVE-2025-11955 2025-10-27 Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it do…
CVE-2025-36057 2025-07-21 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is n…
CVE-2025-3085 2025-04-01 A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's cer…
CVE-2024-56138 2025-01-13 notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature…
CVE-2023-23690 2023-01-19 Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentiall…
CVE-2020-1675 2020-10-16 When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious net…
CVE-2020-16228 2020-09-11 In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions …

曾用名

  • Failure to Check for Certificate Revocation (2009-03-10)

內容提交

名稱
CLASP
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
2009-03-10 CWE Content Team 1.3 updated Description, Name, Relationships
2009-05-27 CWE Content Team 1.4 updated Relationships
2010-12-13 CWE Content Team 1.11 updated Other_Notes
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated References, Relationships
2013-02-21 CWE Content Team 2.4 updated Applicable_Platforms, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Relationships, Type
2013-07-17 CWE Content Team 2.5 updated Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Demonstrative_Examples, Modes_of_Introduction, Relationships, Type
2018-03-27 CWE Content Team 3.1 updated Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction
2019-09-19 CWE Content Team 3.4 updated Demonstrative_Examples
2020-02-24 CWE Content Team 4.0 updated References, Relationships
2023-01-31 CWE Content Team 4.10 updated Demonstrative_Examples, Description, Modes_of_Introduction
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Relationships, Weakness_Ordinalities
cvelogic Threat Intelligence