Vulnerability CVE-2009-0788


Published: 2011-04-18   Modified: 2012-02-13

Description:
Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.4/10
4.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Redhat -> Network satellite server 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=491365
http://xforce.iss.net/xforce/xfdb/66691
http://www.vupen.com/english/advisories/2011/0967
http://www.securitytracker.com/id?1025316
http://www.securityfocus.com/bid/47316
http://www.redhat.com/support/errata/RHSA-2011-0434.html
http://secunia.com/advisories/44150

Copyright 2024, cxsecurity.com

 

Back to Top