CVE-2017-7528
5.2
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
Summary
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Ansible Tower | As shipped with Red Hat CloudForms Management Engine 5 | affected |
Weaknesses
- CWE-113: CWE-113
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.