Description
hammer_cli_foreman Improper Certificate Validation vulnerability
Hammer CLI, a CLI utility for Foreman, before version 0.10.0 did not explicitly set the verify_ssl flag for apipie-bindings, which disables it by default. As a result, server certificates are not checked and connections are prone to man-in-the-middle attacks.
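The effect of an unset verification flag, shown as an added example (not Hammer CLI or apipie-bindings code): a local TLS listener presents a constructed self-signed certificate, and a client connects with verification off and on. The helper names and the `verify_ssl:` keyword are assumptions made for illustration.

```ruby
require 'openssl'
require 'socket'

# Constructed self-signed certificate: stands in for a server the client has no reason to trust.
def untrusted_server_context
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=localhost')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert = cert
  ctx.key = key
  ctx
end

# Starts a loopback TLS listener on an ephemeral port and returns the port number.
def start_tls_server
  tcp = TCPServer.new('127.0.0.1', 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, untrusted_server_context)
  Thread.new { loop { server.accept.close rescue nil } } # verifying clients abort the handshake
  tcp.addr[1]
end

# Hypothetical client helper: returns :connected or :rejected for the given flag value.
def handshake(port, verify_ssl:)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = verify_ssl ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
  ctx.cert_store = OpenSSL::X509::Store.new.tap(&:set_default_paths) if verify_ssl
  tcp = TCPSocket.new('127.0.0.1', port)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.connect
  :connected
rescue OpenSSL::SSL::SSLError
  :rejected
ensure
  [ssl, tcp].compact.each { |s| s.close rescue nil }
end

if __FILE__ == $PROGRAM_NAME
  port = start_tls_server
  puts "verify_ssl off: #{handshake(port, verify_ssl: false)}"
  puts "verify_ssl on:  #{handshake(port, verify_ssl: true)}"
end
```

With verification off the handshake completes against a certificate nobody vouched for; with it on, the same server is rejected before any application data is sent.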
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-2667
- https://access.redhat.com/errata/RHSA-2018:0336
- https://bugzilla.redhat.com/show_bug.cgi?id=1436262
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hammer_cli_foreman/CVE-2017-2667.yml
- https://web.archive.org/web/20200227181720/http://www.securityfocus.com/bid/97153
- http://projects.theforeman.org/issues/19033
- http://www.securityfocus.com/bid/97153
Packages
- hammer_cli_foreman: affected versions < 0.10.0; patched version 0.10.0