Description
Foreman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.
It was found that when making an SSL connection to an LDAP authentication source in Foreman, the remote server certificate was accepted without any verification against known certificate authorities, potentially making TLS connections vulnerable to man-in-the-middle attacks.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenStack Foreman | foreman | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | foreman | Will not fix | | |
| Red Hat OpenStack Platform 4 | foreman | Will not fix | | |
| Red Hat Satellite 6.1 | aopalliance | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | apache-commons-codec-eap6 | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | apache-mime4j | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | atinject | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | bouncycastle | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | c3p0 | Fixed | RHSA-2015:1592 | 12.08.2015 |
| Red Hat Satellite 6.1 | candlepin | Fixed | RHSA-2015:1592 | 12.08.2015 |
Additional information
Status:
EPSS
CVSS2: 4 Medium