Vulnerability Description
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Satellite | 5.3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/44150 (Not Applicable)
- http://www.redhat.com/support/errata/RHSA-2011-0434.html (Not Applicable)
- http://www.securityfocus.com/bid/47316 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1025316 (Third Party Advisory, VDB Entry)
- http://www.vupen.com/english/advisories/2011/0967 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=584118 (Issue Tracking, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66690 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2010-1171?
CVE-2010-1171 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum opera...
How severe is CVE-2010-1171?
CVE-2010-1171 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-1171?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Satellite.