Description
It was discovered that redhat-certification does not properly restrict the files that can be downloaded through the /download page. A remote attacker may download any file accessible by the user running httpd.
Mitigation
If SELinux is enabled, it further restricts the set of files that can be downloaded through this flaw.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Certification for Red Hat Enterprise Linux 6 | redhat-certification | Not affected | | |
| Red Hat Certification for Red Hat Enterprise Linux 7 | redhat-certification | Fixed | RHSA-2018:2373 | 09.08.2018 |
| Red Hat Certification for Red Hat Enterprise Linux 7 | redhat-certification-hardware | Fixed | RHSA-2018:2373 | 09.08.2018 |
| Red Hat Certification for Red Hat Enterprise Linux 7 | redhat-certification-hardware-preview | Fixed | RHSA-2018:2373 | 09.08.2018 |
Additional information
Status:
7.5 High
CVSS3