CVE-2017-2667
N/A
N/A
Summary
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Foreman | Hammer CLI | 0.10.0 | affected |
Weaknesses
- CWE-345: CWE-345
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1436262
- https://access.redhat.com/errata/RHSA-2018:0336
- http://projects.theforeman.org/issues/19033
- http://www.securityfocus.com/bid/97153
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1436262
- https://access.redhat.com/errata/RHSA-2018:0336
- http://projects.theforeman.org/issues/19033
- http://www.securityfocus.com/bid/97153
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.