6 matches found
RHEL 7 : rubygem-hammer_cli (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-hammercli: no verification of API server's SSL certificate (CVE-2017-2667). Note that Nessus has not tested fo...
RHEL 6 : rubygem-hammer_cli (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-hammercli: no verification of API server's SSL certificate (CVE-2017-2667). Note that Nessus has not tested fo...
RHEL 7 : rubygem-hammer_cli (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubygem-hammercli: no verification of API server's SSL certificate (CVE-2017-2667). Note that Nessus has not tested fo...
Insecure File Permissions
hammercli uses insecure file permissions. The file /etc/hammer/cli.modules.d/foreman.yml is world-readable, which would allow a local user to access and read the file. The configuration file may contain confidential information such as usernames and passwords...
CVE-2017-2667
It was found that the hammercli command line client disables SSL/TLS certificate verification by default. A man-in-the-middle (MITM) attacker could use this flaw to spoof a valid certificate...
Unverified SSL Certificates
hammercli uses unverified SSL certificates by default. When hammercli initiates HTTPS connections using apipie-binding and rest-clients, it doesn't verify that the SSL certificate is correct. This allows man-in-the-middle (MitM) attacks...