Lucene search
RootSSV:20462HistoryApr 13, 2011 - 12:00 a.m.
Red Hat Network Satellite Server安全绕过和信息泄露漏洞
2011-04-1300:00:00
Root
www.seebug.org
14
EPSS
0.007
Percentile
79.6%
Bugtraq ID: 47316
CVE ID:CVE-2009-0788
CVE-2010-1171
Red Hat Network Satellite Server是一款系统管理解决方案。
-RHN Satellite重写某些URL存在缺陷,未验证用户可使用特制的HTTP请求获得运行了RHN Satellite主机系统的敏感信息。也可以利用RHN Satellite作为分布式拒绝服务攻击工具,通过特制的HTTP请求迫使应用程序连接任意服务。
-RHN Satellite不正确导出老的XML-RPC API,验证用户可利用此缺陷获得可访问RHN Satellite服务进程的任意文件,及防止客户端执行某些YUM操作。
Red Hat Network Satellite Server (for RHEL 5) 5.4
Red Hat Network Satellite Server (for RHEL 5) 5.3
Red Hat Network Satellite Server (for RHEL 4) 5.3
厂商解决方案
用户可参考如下供应商提供的安全公告获得补丁信息:
https://bugzilla.redhat.com/show_bug.cgi?id=491365
https://bugzilla.redhat.com/show_bug.cgi?id=584118
Related
redhat
redhat
(RHSA-2011:0434) Moderate: security update for Red Hat Network Satellite
2011-04-11 00:00:00
veracode
veracode
Authorization Bypass
2020-04-10 00:56:04
Authentication Bypass
2020-04-10 00:56:04
nvd
nvd
CVE-2010-1171
2011-04-18 17:55:00
CVE-2009-0788
2011-04-18 17:55:00
cve
cve
CVE-2010-1171
2011-04-18 17:55:00
CVE-2009-0788
2011-04-18 17:55:00
prion
prion
Design/Logic Flaw
2011-04-18 17:55:00
Code injection
2011-04-18 17:55:00
cvelist
cvelist
CVE-2010-1171
2011-04-18 17:00:00
CVE-2009-0788
2011-04-18 17:00:00