Lucene search

K
cve[email protected]CVE-2015-1816
HistoryAug 14, 2015 - 6:59 p.m.

CVE-2015-1816

2015-08-1418:59:02
CWE-310
web.nvd.nist.gov
29
forman
cve-2015-1816
ssl
ldap
certificate verification

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

39.7%

Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.

Affected configurations

NVD
Node
theforemanforemanRange1.7.3

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

39.7%