Veracode Vulnerability DatabaseVERACODE:24509Authentication Bypass
EPSS
Percentile
79.0%
spacewalk-config is vulnerable to authentication bypass. The vulnerability exists as a flaw was found in the way RHN Satellite rewrote certain URLs. An unauthenticated user could use a specially-crafted HTTP request to obtain sensitive information about the host system RHN Satellite was running on. They could also use RHN Satellite as a distributed denial of service tool, forcing it to connect to an arbitrary service at an arbitrary IP address via a specially-crafted HTTP request.
References
secunia.com/advisories/44150
www.redhat.com/support/errata/RHSA-2011-0434.html
www.securityfocus.com/bid/47316
www.securitytracker.com/id?1025316
www.vupen.com/english/advisories/2011/0967
access.redhat.com/errata/RHSA-2011:0434
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=491365
exchange.xforce.ibmcloud.com/vulnerabilities/66691
Related
