Spoofing attack in CloudForms - CVE-2017-2639
Published: June 1, 2017
Vulnerability identifier: #VU6854
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-2639
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Red Hat Inc.
Affected software: CloudForms
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a spoofing attack.
The weakness exists because CloudForms does not properly verify that the server hostname matches the domain name in the certificate. A remote attacker can use a certificate authority, spoof a Red Hat Virtualization (RHEV) or OpenShift system and gain access to arbitrary files.
Successful exploitation of this vulnerability results in information disclosure.
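The difference between validating only the certificate chain and also validating the hostname, as an added example in Ruby (not code from CloudForms or Red Hat). The CA, certificates and hostnames are constructed for the demonstration, and the helper names are hypothetical.

```ruby
require "openssl"

# Hypothetical helper: issue a certificate for the constructed test PKI below.
def make_cert(cn, key, issuer: nil, issuer_key: nil, san: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", san)) if san
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Incomplete check: only asks "was this certificate issued by a CA I trust?"
def chain_only_ok?(store, cert)
  store.verify(cert)
end

# Complete check: the chain must validate AND the certificate must name the
# host the client intended to reach.
def chain_and_hostname_ok?(store, cert, expected_host)
  store.verify(cert) && OpenSSL::SSL.verify_certificate_identity(cert, expected_host)
end

# Constructed data: one trusted CA issues certificates for two different hosts.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("Constructed Test CA", CA_KEY, ca: true)
LEAF_KEY = OpenSSL::PKey::RSA.new(2048)
PROVIDER_HOST = "rhev.example.test"
GOOD_CERT = make_cert(PROVIDER_HOST, LEAF_KEY, issuer: CA_CERT, issuer_key: CA_KEY,
                      san: "DNS:#{PROVIDER_HOST}")
OTHER_CERT = make_cert("other.example.test", LEAF_KEY, issuer: CA_CERT, issuer_key: CA_KEY,
                       san: "DNS:other.example.test")
STORE = OpenSSL::X509::Store.new
STORE.add_cert(CA_CERT)

puts "chain only, wrong-host cert:     #{chain_only_ok?(STORE, OTHER_CERT)}"
puts "chain + hostname, wrong-host:    #{chain_and_hostname_ok?(STORE, OTHER_CERT, PROVIDER_HOST)}"
puts "chain + hostname, matching cert: #{chain_and_hostname_ok?(STORE, GOOD_CERT, PROVIDER_HOST)}"
```

A client that stops at the chain check accepts any certificate the trusted CA has issued, regardless of which host it was issued for.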
How to mitigate CVE-2017-2639
Install the update from the vendor's website.