← Back

CVE-2015-5152

nvd nist
Published: Jul 17, 2017Modified: May 13, 2026

JSON object

Loading...
8.1
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD

Description

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.

Affected (46)

Products: Theforeman: Foreman
Theforeman
1 product
Foreman
Configuration A
46 vulnerable
Vulnerable SoftwareAffected Versions
Theforeman
Foreman
Version 1.1-1
Foreman
Version 1.2.0
Foreman
Version 1.2.0 rc1
Foreman
Version 1.2.0 rc2
Foreman
Version 1.2.0 rc3
Foreman
Version 1.2.1
Foreman
Version 1.2.2
Foreman
Version 1.2.3
Foreman
Version 1.3.0
Foreman
Version 1.3.0 rc1
Foreman
Version 1.3.0 rc2
Foreman
Version 1.3.0 rc3
Foreman
Version 1.3.0 rc4
Foreman
Version 1.3.1
Foreman
Version 1.3.2
Foreman
Version 1.4.0
Foreman
Version 1.4.0 rc1
Foreman
Version 1.4.0 rc2
Foreman
Version 1.4.1
Foreman
Version 1.4.2
Foreman
Version 1.4.3
Foreman
Version 1.4.4
Foreman
Version 1.4.5
Foreman
Version 1.5.0
Foreman
Version 1.5.1
Foreman
Version 1.5.2
Foreman
Version 1.5.3
Foreman
Version 1.6.0
Foreman
Version 1.6.0 rc1
Foreman
Version 1.6.0 rc2
Foreman
Version 1.6.1
Foreman
Version 1.7.0
Foreman
Version 1.7.0 rc1
Foreman
Version 1.7.0 rc2
Foreman
Version 1.7.1
Foreman
Version 1.7.2
Foreman
Version 1.7.3
Foreman
Version 1.7.4
Foreman
Version 1.7.5
Foreman
Version 1.8.0
Foreman
Version 1.8.0 rc1
Foreman
Version 1.8.0 rc2
Foreman
Version 1.8.0 rc3
Foreman
Version 1.8.1
Foreman
Version 1.8.2
Foreman
Version 1.8.3

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

Source: secalert@redhat.com
Mailing ListVendor Advisory
Source: secalert@redhat.com
Issue TrackingMitigationThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingMitigationThird Party Advisory

Timeline

No history available yet.