CVE-2016-9599

Published: Apr 24, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.6 / Impact: 5.9

Source: NVD

Description

puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.

Affected (3)

Products: Openstack: Puppet Tripleo · Redhat: Openstack

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Puppet Tripleo	Version 5.5.0
Openstack Puppet Tripleo	Version 6.2.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 10

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://rhn.redhat.com/errata/RHSA-2017-0025.html

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9599

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0025.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9599

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.