CCE-36900-9| Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Online Responder Service
Enables identity revocation services for PKI (certificate) based services such as secure e-mail smartcard logon, secure web servers, etc as an online request and response query process. If this service is stopped or disabled, revocation services may not be available for PKI (certificate) applications thereby generating authentication or application failures.
Parameter:
[manual/disable/automatic]
Technical Mechanism:
(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsSystem Services!Online Responder Service
(2) REG: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesocspsvc!Start
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 8.1 | Attack Vector: NETWORK |
| Exploit Score: 2.2 | Attack Complexity: HIGH |
| Impact Score: 5.9 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:22753 |
