Lucene search

[email protected]CVE-2008-3270

HistoryAug 18, 2008 - 5:41 p.m.

CVE-2008-3270

2008-08-1817:41:00

CWE-310

[email protected]

web.nvd.nist.gov

cve-2008-3270

yum-rhn-plugin

red hat enterprise linux

rhel 5

ssl certificate

file download

red hat network

rhn

man-in-the-middle attack

denial of service

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.4%

JSON

yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested.

Affected configurations

NVD

Node

redhatenterprise_linuxMatch5.0

CPENameOperatorVersion
redhat:enterprise_linuxredhat enterprise linuxeq5.0

CPE	Name	Operator	Version
redhat:enterprise_linux	redhat enterprise linux	eq	5.0

References

secunia.com/advisories/31472

securitytracker.com/id?1020698

www.redhat.com/support/errata/RHSA-2008-0815.html

www.securityfocus.com/bid/30695

bugzilla.redhat.com/show_bug.cgi?id=457113

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10864

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.4%

JSON

Related for CVE-2008-3270

redhat1 nessus2 openvas2 veracode1 prion1 cvelist1 nvd1