3 matches found
CVE-2017-2653
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional...
CVE-2017-2653
CVE-2017-2653 affects Red Hat CloudForms Management Engine (CFME) and components cfme, cfme-appliance, and cfme-gemset on Red Hat Enterprise Linux 7. Unused delete routes could be reachable via GET requests, bypassing CSRF protection and enabling route usage, potentially in conjunction with addit...
Moderate: Red Hat Security Advisory: cfme, cfme-appliance, and cfme-gemset security, bug fix, and enhancement update
An update for cfme, cfme-appliance, and cfme-gemset is now available for CloudForms Management Engine 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...