Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2015:0957
HistoryMay 11, 2015 - 12:00 a.m.

(RHSA-2015:0957) Moderate: spacewalk-java security update

2015-05-1100:00:00
access.redhat.com
14

0.007 Low

EPSS

Percentile

80.6%

JSON

Red Hat Satellite is a system management tool for Linux-based
infrastructures. It allows for provisioning, monitoring, and remote
management of multiple Linux deployments with a single, centralized tool.

It was found that the RPC interface in Satellite would resolve external
entities, allowing an attacker to conduct XML External Entity (XXE)
attacks. A remote attacker could use this flaw to read files accessible to
the user running the Satellite server, and potentially perform other more
advanced XXE attacks. (CVE-2014-8162)

Red Hat would like to thank Travis Emmert for reporting this issue.

All spacewalk users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

OSVersionArchitecturePackageVersionFilename
RedHat6noarchspacewalk-java-postgresql< 2.3.8-103.el6satspacewalk-java-postgresql-2.3.8-103.el6sat.noarch.rpm
RedHat6noarchspacewalk-taskomatic< 2.3.8-103.el6satspacewalk-taskomatic-2.3.8-103.el6sat.noarch.rpm
RedHat6noarchspacewalk-java< 2.3.8-103.el6satspacewalk-java-2.3.8-103.el6sat.noarch.rpm
RedHat6noarchspacewalk-java-lib< 2.3.8-103.el6satspacewalk-java-lib-2.3.8-103.el6sat.noarch.rpm
RedHat6srcspacewalk-setup< 2.3.0-17.el6satspacewalk-setup-2.3.0-17.el6sat.src.rpm
RedHat6noarchspacewalk-java-config< 2.3.8-103.el6satspacewalk-java-config-2.3.8-103.el6sat.noarch.rpm
RedHat6noarchspacewalk-setup< 2.3.0-17.el6satspacewalk-setup-2.3.0-17.el6sat.noarch.rpm
RedHat6srcspacewalk-java< 2.3.8-103.el6satspacewalk-java-2.3.8-103.el6sat.src.rpm
RedHat6noarchspacewalk-java-oracle< 2.3.8-103.el6satspacewalk-java-oracle-2.3.8-103.el6sat.noarch.rpm

Related

veracode 1
prion 1
cve 1
cvelist 1
nessus 1
nvd 1
suse 1
veracode
veracode
XML External Entity (XXE)
2019-01-15 09:06:01
prion
prion
Xxe
2015-05-14 14:59:00
cve
cve
CVE-2014-8162
2015-05-14 14:59:05
cvelist
cvelist
CVE-2014-8162
2015-05-14 14:00:00
nessus
nessus
RHEL 6 : Satellite Server (RHSA-2015:0957)
2015-05-12 00:00:00
nvd
nvd
CVE-2014-8162
2015-05-14 14:59:05
suse
suse
Security update for SUSE Manager Server 1.7 (important)
2015-05-22 00:05:32

0.007 Low

EPSS

Percentile

80.6%

JSON
Related for RHSA-2015:0957
veracode1prion1cve1cvelist1nessus1nvd1suse1