CVE-2018-10863

It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information...

PT-2021-8690 · Red Hat · Redhat-Certification

Name of the Vulnerable Software and Affected Versions: redhat-certification version 7 Description: The issue is related to improper configuration, which allows listing of all files and directories in the /var/www/rhcert/store/transfer directory through the "/rhcert-transfer" API endpoint. This...