redhat-certification is vulnerable to information disclosure attacks. This is because redhat-certification does not properly restrict files that could be download through the download page. A remote attacker may download any file accessible by the user running httpd.