Vulnerability Description
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Theforeman | Hammer Cli | < 0.10.0 |
| Redhat | Satellite | 6.3 |
| Redhat | Satellite Capsule | 6.3 |
Related Weaknesses (CWE)
References
- http://projects.theforeman.org/issues/19033Issue TrackingVendor Advisory
- http://www.securityfocus.com/bid/97153Broken LinkThird Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0336Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1436262Issue Tracking
- http://projects.theforeman.org/issues/19033Issue TrackingVendor Advisory
- http://www.securityfocus.com/bid/97153Broken LinkThird Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0336Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1436262Issue Tracking
FAQ
What is CVE-2017-2667?
CVE-2017-2667 is a vulnerability with a CVSS score of 8.1 (HIGH). Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not che...
How severe is CVE-2017-2667?
CVE-2017-2667 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2667?
Check the references section above for vendor advisories and patch information. Affected products include: Theforeman Hammer Cli, Redhat Satellite, Redhat Satellite Capsule.