Lucene search

RedhatCVE-2017-7513

HistoryAug 22, 2018 - 3:29 p.m.

CVE-2017-7513

2018-08-2215:29:00

CWE-295

redhat

web.nvd.nist.gov

cve-2017-7513

ssl/tls

postgresql

x.509

certificate validation

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.

Affected configurations

Nvd

Vulners

Node

redhatsatelliteMatch5.0

redhatsatelliteMatch5.1.1

redhatsatelliteMatch5.2

redhatsatelliteMatch5.3

redhatsatelliteMatch5.4

redhatsatelliteMatch5.4.1

redhatsatelliteMatch5.5

redhatsatelliteMatch5.6

redhatsatelliteMatch5.7

redhatsatelliteMatch5.8

VendorProductVersionCPE
redhatsatellite5.0cpe:2.3:a:redhat:satellite:5.0:*:*:*:*:*:*:*
redhatsatellite5.1.1cpe:2.3:a:redhat:satellite:5.1.1:*:*:*:*:*:*:*
redhatsatellite5.2cpe:2.3:a:redhat:satellite:5.2:*:*:*:*:*:*:*
redhatsatellite5.3cpe:2.3:a:redhat:satellite:5.3:*:*:*:*:*:*:*
redhatsatellite5.4cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:*
redhatsatellite5.4.1cpe:2.3:a:redhat:satellite:5.4.1:*:*:*:*:*:*:*
redhatsatellite5.5cpe:2.3:a:redhat:satellite:5.5:*:*:*:*:*:*:*
redhatsatellite5.6cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*
redhatsatellite5.7cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*
redhatsatellite5.8cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	satellite	5.0	cpe:2.3:a:redhat:satellite:5.0:::::::*
redhat	satellite	5.1.1	cpe:2.3:a:redhat:satellite:5.1.1:::::::*
redhat	satellite	5.2	cpe:2.3:a:redhat:satellite:5.2:::::::*
redhat	satellite	5.3	cpe:2.3:a:redhat:satellite:5.3:::::::*
redhat	satellite	5.4	cpe:2.3:a:redhat:satellite:5.4:::::::*
redhat	satellite	5.4.1	cpe:2.3:a:redhat:satellite:5.4.1:::::::*
redhat	satellite	5.5	cpe:2.3:a:redhat:satellite:5.5:::::::*
redhat	satellite	5.6	cpe:2.3:a:redhat:satellite:5.6:::::::*
redhat	satellite	5.7	cpe:2.3:a:redhat:satellite:5.7:::::::*
redhat	satellite	5.8	cpe:2.3:a:redhat:satellite:5.8:::::::*

CNA Affected

[
  {
    "product": "Red Hat Satellite",
    "vendor": "Red Hat",
    "versions": [
      {
        "status": "affected",
        "version": "5"
      }
    ]
  }
]

References

access.redhat.com/security/cve/cve-2017-7513

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7513

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

Related for CVE-2017-7513