CVE-2015-1777

Published: 04 Mar 2015
Source: redhat
CVSS2: 4.3

Description

rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack.

Report

This issue affects the versions of rhn-client-tools as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | rhn-client-tools | Will not fix | | |
| Red Hat Enterprise Linux 6 | rhn-client-tools | Will not fix | | |
| Red Hat Enterprise Linux 7 | rhn-client-tools | Will not fix | | |
| Red Hat Storage 2.1 | rhn-client-tools | Will not fix | | |

Additional information

Status: Moderate
Defect: CWE-297
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1198740 (rhn-setup: rhnreg_ks fails to properly validate SSL/TLS certificates)

CVSS2: 4.3 Medium

Related vulnerabilities

CVSS3: 5.9
ubuntu
almost 8 years ago

rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack.

CVSS3: 5.9
nvd
almost 8 years ago

rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack.

CVSS3: 5.9
debian
almost 8 years ago

rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Re ...

CVSS3: 5.9
github
more than 3 years ago

rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack.
