Описание
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.
Ссылки
- Issue TrackingVendor Advisory
- Patch
- ExploitThird Party Advisory
- Issue TrackingVendor Advisory
- Patch
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
8.6 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.
A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.
Уязвимость компонента /rpc/api программного средства для управления системами Red Hat Spacewalk, позволяющая нарушителю раскрыть защищаемую информацию и вызвать отказ в обслуживании или выполнить произвольный код
EPSS
8.6 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2