CVSS2: 6.4 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.973 High (Percentile: 99.8%)

During an internal security audit, it was discovered that Red Hat Network
Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a
single hard-coded authentication key. A remote attacker who is able to
connect to the Satellite Server XML-RPC service could use this flaw to
obtain limited information about Satellite Server users, such as login
names, associated email addresses, internal user IDs, and partial
information about entitlements. (CVE-2008-2369)

This release also corrects several security vulnerabilities in various
components shipped as part of Red Hat Network Satellite Server 5.1. In a
typical operating environment, these components are not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.

A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)

Multiple cross-site scripting flaws were fixed in the image map feature in
the JFreeChart package. (CVE-2007-6306)

A flaw which could result in weak encryption was fixed in the
perl-Crypt-CBC package. (CVE-2006-0898)

Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,
CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,
CVE-2008-0128)

Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to
5.1.1, which resolves these issues.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | x86_64 | mod_perl | < 2.0.2-12.el4 | mod_perl-2.0.2-12.el4.x86_64.rpm |
RedHat | 4 | s390x | mod_perl | < 2.0.2-12.el4 | mod_perl-2.0.2-12.el4.s390x.rpm |
RedHat | any | noarch | jfreechart | < 0.9.20-3.rhn | jfreechart-0.9.20-3.rhn.noarch.rpm |
RedHat | any | noarch | rhn-html | < 5.1.1-7 | rhn-html-5.1.1-7.noarch.rpm |
RedHat | any | noarch | tomcat5 | < 5.0.30-0jpp_10rh | tomcat5-5.0.30-0jpp_10rh.noarch.rpm |
RedHat | 4 | i386 | mod_perl | < 2.0.2-12.el4 | mod_perl-2.0.2-12.el4.i386.rpm |
RedHat | 4 | noarch | perl-crypt-cbc | < 2.24-1.el4 | perl-Crypt-CBC-2.24-1.el4.noarch.rpm |
RedHat | 4 | s390 | mod_perl | < 2.0.2-12.el4 | mod_perl-2.0.2-12.el4.s390.rpm |
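
One way to check a host against the table above, as an added example (not Red Hat's code): it compares installed builds with the fixed builds listed in the table, using a simplified form of rpm's segment-wise version ordering. It assumes the inventory comes from `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` and ignores epochs and tilde/caret ordering; the sample inventory is constructed.

```python
import re

# Fixed version-release per package, copied from the advisory table (keys lowercased).
FIXED = {
    "mod_perl": "2.0.2-12.el4",
    "jfreechart": "0.9.20-3.rhn",
    "rhn-html": "5.1.1-7",
    "tomcat5": "5.0.30-0jpp_10rh",
    "perl-crypt-cbc": "2.24-1.el4",
}

def rpmvercmp(a, b):
    """Compare two version (or release) strings segment by segment, rpm style."""
    sa, sb = (re.findall(r"[0-9]+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, release as tie-breaker."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def vulnerable(inventory):
    """Return (name, installed, fixed) for packages older than the fixed build."""
    hits = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        name, evr = line.split()
        fixed = FIXED.get(name.lower())
        if fixed and evr_cmp(evr, fixed) < 0:
            hits.append((name, evr, fixed))
    return hits

# Constructed sample inventory, not taken from a real system.
SAMPLE = """mod_perl 2.0.2-6.1
tomcat5 5.0.30-0jpp_10rh
perl-Crypt-CBC 2.22-1.el4
jfreechart 0.9.20-3.rhn
rhn-html 5.1.0-12
bash 3.0-19.3"""

if __name__ == "__main__":
    for name, installed, fixed in vulnerable(SAMPLE):
        print(f"{name}: installed {installed}, fixed in {fixed}")
```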