4 matches found
RHEL 7 : redhat-certification (RHSA-2018:2373)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2373 advisory. The redhat-certification package provides partners with a unified web-based user interface to certify their products for use on Red Hat...
Critical: Red Hat Security Advisory: redhat-certification security update
An update for redhat-certification is now available for Red Hat Certification for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CVE-2018-10869
The CVE-2018-10869 vulnerability affects redhat-certification and allows a remote attacker to download any file accessible by the web server user via the /download page due to improper access restriction. Red Hat’s RHSA-2018:2373 (and related advisories) document this issue and provide a security...
CVE-2018-10869
It was discovered that redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd. Mitigation If SELinux is enabled it further restricts the set of files that can be downloaded...