14 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-2667
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a...
hammer_cli_foreman Improper Certificate Validation vulnerability
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...
GHSA-77H8-XR85-3X5Q hammer_cli_foreman Improper Certificate Validation vulnerability
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...
hammer_cli_foreman Improper Certificate Validation vulnerability
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...
Authorization Bypass
katello is vulnerable to authorization bypasses. The library does not properly enforce filters on a repository, allowing a malicious user to gain access to sensitive information on the repository through hammer cli commands...
CVE-2017-2667
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...
Default configuration
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...
CVE-2017-2667
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...
CVE-2017-2667
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks...
CVE-2017-2667
CVE-2017-2667 details (Mode C): Hammer CLI (Foreman) before version 0.10.0 does not explicitly enable SSL certificate verification for apipie-bindings, which disables verify_ssl by default. This can cause server certificates to be unchecked and enable MITM attacks. Affected component: Hammer CLI ...
PT-2018-7170 · Red Hat · Hammer Cli
Name of the Vulnerable Software and Affected Versions: Hammer CLI versions prior to 0.10.0 Description: The issue concerns a problem where server certificates are not checked, making connections susceptible to man-in-the-middle attacks due to the lack of explicit verification of SSL certificates...
rubygem-hammer_cli: no verification of API server's SSL certificate
It was found that the hammer_cli command line client disables SSL/TLS certificate verification by default. A man-in-the-middle (MITM) attacker could use this flaw to spoof a valid certificate...
hammer_cli SSL Certificate Authentication Security Bypass Vulnerability
Hammer is a general-purpose clamp-based CLI framework from Foreman. hammer-cli provides only the core functionality. An SSL certificate authentication security bypass vulnerability exists in hammer_cli, which stems from the program failing to properly validate SSL certificates. An attacker could us...
rubygem-hammer_cli_foreman: /etc/hammer/cli.modules.d/foreman.yml is world-readable
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable...