CVE-2017-7513

Published: Aug 22, 2018Modified: Nov 21, 2024

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.

Affected (10)

Products: Redhat: Satellite

Redhat

1 product

Satellite

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Redhat Satellite	Version 5.0
Redhat Satellite	Version 5.1.1
Redhat Satellite	Version 5.2
Redhat Satellite	Version 5.3
Redhat Satellite	Version 5.4.1
Redhat Satellite	Version 5.4
Redhat Satellite	Version 5.5
Redhat Satellite	Version 5.6
Redhat Satellite	Version 5.7
Redhat Satellite	Version 5.8

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (3)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7513

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/security/cve/cve-2017-7513

Source: nvd@nist.gov

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7513

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.