CVE-2015-5152

Published: 15 Jul 2015
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.

Report

This issue affects the versions of foreman as shipped with Red Hat Satellite 6 and OpenStack. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| OpenStack Foreman | foreman | Affected | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | foreman | Affected | | |
| Red Hat Satellite 6.2 for RHEL 6 | candlepin | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | foreman | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | foreman-installer | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | foreman-proxy | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | foreman-selinux | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | gofer | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | katello | Fixed | RHBA-2016:1501 | 27.07.2016 |
| Red Hat Satellite 6.2 for RHEL 6 | katello-agent | Fixed | RHBA-2016:1501 | 27.07.2016 |


Additional information

Status: Moderate
Defect: CWE-319
https://bugzilla.redhat.com/show_bug.cgi?id=1243571 Foreman: API permits HTTP requests when require_ssl is enabled

EPSS

Percentile: 52%
0.00291
Low

CVSS2

4.3 Medium

Related vulnerabilities

CVSS3: 8.1
nvd
more than 8 years ago

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.

CVSS3: 8.1
debian
more than 8 years ago

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests ...

CVSS3: 8.1
github
more than 3 years ago

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.
