May 31, 2017 - 1:56 p.m.

(RHSA-2017:1367) Moderate: CFME 5.8.0 security, bug, and enhancement update

2017-05-31 13:56:07
access.redhat.com

EPSS: 0.002 (Low), percentile 61.0%

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

  • CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time; however, if an attacker were able to man-in-the-middle an administrator while the new certificate was being installed, the attacker could obtain a copy of the uploaded private key, allowing for future attacks. (CVE-2016-4457)

  • It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms. (CVE-2017-2639)
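
The gap described in the CVE-2017-2639 item, shown as an added Ruby example (not CloudForms code): a certificate issued by a trusted custom CA passes chain validation for any hostname unless the identity check is also run. The CA, the hostnames and the helper names are constructed for illustration.

```ruby
require "openssl"

# Build a certificate for the constructed test PKI below (all names are made up).
def make_cert(subject, key, issuer_cert, issuer_key, ca:, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", san)) if san
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Chain validation only: is the certificate signed by the trusted custom CA?
# The hostname is ignored, which is the gap the advisory describes.
def chain_only_check(store, cert, _hostname)
  store.verify(cert)
end

# Chain validation plus an identity check against the name the client dialled.
def chain_and_hostname_check(store, cert, hostname)
  store.verify(cert) && OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("/CN=Constructed Private CA", CA_KEY, nil, CA_KEY, ca: true)
# Any other certificate the same CA has issued, here for an unrelated host.
OTHER_KEY = OpenSSL::PKey::RSA.new(2048)
OTHER_CERT = make_cert("/CN=build01.example.test", OTHER_KEY, CA_CERT, CA_KEY,
                       ca: false, san: "DNS:build01.example.test")
STORE = OpenSSL::X509::Store.new.tap { |s| s.add_cert(CA_CERT) }
INTENDED = "rhev.example.test" # constructed name of the provider the client meant to reach

puts chain_only_check(STORE, OTHER_CERT, INTENDED)
puts chain_and_hostname_check(STORE, OTHER_CERT, INTENDED)
puts chain_and_hostname_check(STORE, OTHER_CERT, "build01.example.test")
```

On a live connection the same check is enabled by setting `verify_hostname = true` on the `OpenSSL::SSL::SSLContext` alongside `verify_mode = OpenSSL::SSL::VERIFY_PEER`, or by calling `post_connection_check` on the socket after the handshake.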

The CVE-2016-4457 issue was discovered by Simon Lukasik (Red Hat).

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Technical Notes document linked to in the References section.
