CVE-2017-2667

Published: 27 Mar 2017
Source: redhat
CVSS3: 6.4

Description

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.

It was found that the hammer_cli command line client disables SSL/TLS certificate verification by default. A man-in-the-middle (MITM) attacker could use this flaw to spoof a valid certificate.

Report

This issue affects the versions of rubygem-hammer_cli as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | rubygem-hammer_cli | Will not fix | | |
| Red Hat Enterprise Linux 7 | rubygem-hammer_cli | Will not fix | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | rubygem-hammer_cli | Will not fix | | |
| Red Hat Satellite 6.3 for RHEL 7 | candlepin | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-discovery-image | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-installer | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-proxy | Fixed | RHSA-2018:0336 | 21.02.2018 |
| Red Hat Satellite 6.3 for RHEL 7 | foreman-selinux | Fixed | RHSA-2018:0336 | 21.02.2018 |


Additional information

Status: Moderate
Weakness: CWE-345
Bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1436262
Bug title: rubygem-hammer_cli: no verification of API server's SSL certificate

CVSS3: 6.4 (Medium)

Related vulnerabilities

CVSS3: 8.1
nvd
almost 8 years ago

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.

CVSS3: 8.1
debian
almost 8 years ago

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not ...

CVSS3: 8.1
github
more than 3 years ago

hammer_cli_foreman Improper Certificate Validation vulnerability
