PT-2021-8693 · Red Hat+1 · Redhat-Certification+1
Published: 2021-05-26 · Updated: 2023-02-10
CVE-2018-10867
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
redhat-certification version 7
Description
Files are accessible without restrictions from the "/update/results" page. A remote attacker could exploit this to remove any file accessible by the apached user, that is, the user running httpd.
Recommendations
For redhat-certification version 7, consider restricting access to the /update/results page until a fix is available. As a temporary workaround, restrict file access permissions for the apached user to minimize the risk of exploitation.
Fix
Files Accessible to External Parties
Weakness Enumeration
Related Identifiers
Affected Products
Httpd
Redhat-Certification