2 matches found
RHEL 6 : candlepin in Subscription Asset Manager (RHSA-2013:1863)
Updated candlepin packages that fix one security issue are now available for Red Hat Subscription Asset Manager. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
CVE-2013-6439
CVE-2013-6439 affects Red Hat Subscription Asset Manager Candlepin 1.0–1.3, which uses a weak authentication scheme when the configuration file does not specify a scheme. Public sources reiterate an authentication-bypass risk. Remediation involves applying the updated candlepin packages from RHSA...