Back to search
CVE-2014-3691
Published: Mar 9, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/theforeman/smart-proxy/pull/217
x_refsource_CONFIRM
http://projects.theforeman.org/issues/7822
x_refsource_CONFIRM
RHSA-2015:0287
vendor-advisory
x_refsource_REDHAT
RHSA-2015:0288
vendor-advisory
x_refsource_REDHAT
https://groups.google.com/forum/#%21topic/foreman-announce/jXC5ixybjqo
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now