Information Disclosure

2019-05-1603:10:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

68.7%

JSON

redhat-certification is vulnerable to information disclosure attacks. This is because redhat-certification does not properly restrict files that could be download through the download page. A remote attacker may download any file accessible by the user running httpd.

CPENameOperatorVersion
redhat-certification-hardware-previeweq5.2__20170929.el7
redhat-certification-hardware-previeweq5.8__20180216.1.el7
redhat-certification-hardware-previeweq5.6__20171206.el7
redhat-certification-hardware-previeweq5.10__20180326.el7
redhat-certification-hardware-previeweq5.1__20170908.el7
redhat-certification-hardware-previeweq4.8__20170508.el7
redhat-certification-hardware-previeweq5.3__20171023.el7
redhat-certification-hardware-previeweq4.11__20170707.el7
redhat-certification-hardware-previeweq4.2__20161116.1.el7
redhat-certification-hardware-previeweq5.5__20171201.1.el7

Name	Operator	Version
redhat-certification-hardware-preview	eq	5.2__20170929.el7
redhat-certification-hardware-preview	eq	5.8__20180216.1.el7
redhat-certification-hardware-preview	eq	5.6__20171206.el7
redhat-certification-hardware-preview	eq	5.10__20180326.el7
redhat-certification-hardware-preview	eq	5.1__20170908.el7
redhat-certification-hardware-preview	eq	4.8__20170508.el7
redhat-certification-hardware-preview	eq	5.3__20171023.el7
redhat-certification-hardware-preview	eq	4.11__20170707.el7
redhat-certification-hardware-preview	eq	4.2__20161116.1.el7
redhat-certification-hardware-preview	eq	5.5__20171201.1.el7