CVE-2009-0788

Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/47316
https://bugzilla.redhat.com/show_bug.cgi?id=491365
http://www.vupen.com/english/advisories/2011/0967	Vendor Advisory
http://www.securitytracker.com/id?1025316
http://secunia.com/advisories/44150	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0434.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/66691

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:network_satellite_server:5.3:::::::*
	cpe:2.3:a:redhat:network_satellite_server:5.4:::::::*

Information

Published : 2011-04-18 10:55

Updated : 2017-08-16 18:30

NVD link : CVE-2009-0788

Mitre link : CVE-2009-0788

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

Products Affected

redhat

network_satellite_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/47316", "name": "47316", "tags": [], "refsource": "BID"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=491365", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=491365", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2011/0967", "name": "ADV-2011-0967", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.securitytracker.com/id?1025316", "name": "1025316", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/44150", "name": "44150", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0434.html", "name": "RHSA-2011:0434", "tags": [], "refsource": "REDHAT"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66691", "name": "rhnss-url-security-bypass(66691)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0788", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-04-18T17:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:network_satellite_server:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:network_satellite_server:5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:30Z"}