PT-2017-6817 · Foreman · Foreman

Dominic Cleal +1 · Published 2017-07-14 · Updated 2023-02-13 · CVE-2015-5152

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Foreman versions 1.1 through 1.9.0-RC1

Description

HTTP requests are not redirected to HTTPS when the require_ssl setting is set to true. This allows remote attackers to obtain user credentials via a man-in-the-middle attack.

Recommendations

For versions 1.1 through 1.9.0-RC1, ensure the require_ssl setting is properly configured and consider additional measures to enforce HTTPS connections, such as configuring the server to redirect all HTTP requests to HTTPS.

Fix

Information Disclosure

Weakness Enumeration

Related identifiers

CVE-2015-5152

Affected products

Foreman