Back to search
CVE-2017-2667
Published: Mar 12, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.
| Vendor | Product | Versions |
|---|---|---|
Foreman | Hammer CLI | affected 0.10.0 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1436262
x_refsource_CONFIRM
RHSA-2018:0336
vendor-advisory
x_refsource_REDHAT
http://projects.theforeman.org/issues/19033
x_refsource_CONFIRM
97153
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now