Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.
References
Configurations
History
21 Nov 2024, 02:26
Type | Values Removed | Values Added |
---|---|---|
References | () http://projects.theforeman.org/issues/9858 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2015:1591 - | |
References | () https://access.redhat.com/errata/RHSA-2015:1592 - | |
References | () https://github.com/theforeman/foreman/pull/2265 - | |
References | () https://groups.google.com/forum/#%21topic/foreman-announce/9ZnuPcplNLI - |
07 Nov 2023, 02:24
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2015-08-14 18:59
Updated : 2024-11-21 02:26
NVD link : CVE-2015-1816
Mitre link : CVE-2015-1816
CVE.ORG link : CVE-2015-1816
JSON object : View
Products Affected
theforeman
- foreman
CWE
CWE-310
Cryptographic Issues