Lucene search
HistoryAug 14, 2015 - 6:59 p.m.
CVE-2015-1816
forman
cve-2015-1816
ssl
ldap
certificate verification
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.2 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
39.9%
Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.
Affected configurations
Node
theforemanforemanRange≤1.7.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| theforeman:foreman | theforeman foreman | le | 1.7.3 |
Related
nvd
nvd
CVE-2015-1816
2015-08-14 18:59:02
prion
prion
Code injection
2015-08-14 18:59:00
cvelist
cvelist
CVE-2015-1816
2015-08-14 18:00:00
redhat
redhat
(RHSA-2015:1592) Important: Red Hat Satellite 6.1.1 on RHEL 6
2015-08-12 04:47:35
(RHSA-2015:1591) Important: Red Hat Satellite 6.1.1 on RHEL 7
2015-08-12 04:38:51
veracode
veracode
Incorrect Session Invalidation
2019-05-02 05:42:22
Man-In-The-Middle (MitM)
2019-05-02 05:42:16
Cross-Site Scripting (XSS)
2019-05-02 05:42:13
nessus
nessus
RHEL 6 : Satellite Server (RHSA-2015:1592)
2015-09-01 00:00:00
RHEL 7 : Satellite Server (RHSA-2015:1591)
2015-09-01 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.2 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
39.9%
Related for CVE-2015-1816