{ "threat_severity" : "Important", "public_date" : "2014-10-06T00:00:00Z", "bugzilla" : { "description" : "foreman-proxy: failure to verify SSL certificates", "id" : "1150879", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1150879" }, "cvss" : { "cvss_base_score" : "5.8", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "status" : "verified" }, "cwe" : "CWE-295", "details" : [ "Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.", "It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted." ], "affected_release" : [ { "product_name" : "OpenStack 4 for RHEL 6", "release_date" : "2015-03-03T00:00:00Z", "advisory" : "RHSA-2015:0288", "cpe" : "cpe:/a:redhat:openstack:4::el6", "package" : "foreman-proxy-0:1.3.0-7.el6ost" }, { "product_name" : "OpenStack Foreman for RHEL 6", "release_date" : "2015-03-03T00:00:00Z", "advisory" : "RHSA-2015:0287", "cpe" : "cpe:/a:redhat:openstack-installer:5::el6", "package" : "foreman-proxy-0:1.6.0.33-2.el6ost" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite:6.0::el6", "package" : "foreman-0:1.6.0.51-1.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite:6.0::el6", "package" : "foreman-proxy-0:1.6.0.33-1.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite:6.0::el6", "package" : "katello-agent-0:1.5.3-7.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite:6.0::el6", "package" : "katello-installer-0:0.0.67-1.el6sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite:6.0::el6", "package" : "pulp-0:2.4.4-1.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite:6.0::el6", "package" : "pulp-nodes-0:2.4.4-1.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite:6.0::el6", "package" : "pulp-puppet-0:2.4.4-1.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite:6.0::el6", "package" : "pulp-rpm-0:2.4.4-1.1.el6sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite:6.0::el6", "package" : "ruby193-rubygem-fog-0:1.21.0-3.2.el6sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite:6.0::el6", "package" : "ruby193-rubygem-foreman-tasks-0:0.6.9-1.2.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite_capsule:6.0::el6", "package" : "foreman-0:1.6.0.51-1.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite_capsule:6.0::el6", "package" : "foreman-proxy-0:1.6.0.33-1.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite_capsule:6.0::el6", "package" : "katello-agent-0:1.5.3-7.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite_capsule:6.0::el6", "package" : "katello-installer-0:0.0.67-1.el6sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite_capsule:6.0::el6", "package" : "pulp-0:2.4.4-1.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite_capsule:6.0::el6", "package" : "pulp-nodes-0:2.4.4-1.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite_capsule:6.0::el6", "package" : "pulp-puppet-0:2.4.4-1.el7sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite_capsule:6.0::el6", "package" : "pulp-rpm-0:2.4.4-1.1.el6sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite_capsule:6.0::el6", "package" : "ruby193-rubygem-fog-0:1.21.0-3.2.el6sat" }, { "product_name" : "Red Hat Satellite 6.0", "release_date" : "2015-01-16T00:00:00Z", "advisory" : "RHBA-2015:0054", "cpe" : "cpe:/a:redhat:satellite_capsule:6.0::el6", "package" : "ruby193-rubygem-foreman-tasks-0:0.6.9-1.2.el7sat" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-3691\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3691" ], "name" : "CVE-2014-3691", "csaw" : false }