CVE-2010-1171 — Redhat Satellite vulnerability

CWE-2646 documents5 sources

Severity

5.5MEDIUMNVD

EPSS

1.0%

top 23.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Satellite

Timeline

PublishedApr 18

Latest updateMay 2

Description

Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

▶NVDredhat/satellite5.3, 5.4+1

🔴Vulnerability Details

GHSA

GHSA-qv7v-mjjg-mhxh: Red Hat Network (RHN) Satellite 5↗2022-05-02

▶

CVEList

CVE-2010-1171: Red Hat Network (RHN) Satellite 5↗2011-04-18

▶

📋Vendor Advisories

Red Hat

rhn_satellite: Improper channel comps information management↗2011-04-11

▶

💬Community

Bugzilla

CVE-2010-1171 CVE-2009-0788 spacewalk-backend various flaws [fedora-all]↗2011-04-11

▶

Bugzilla

CVE-2010-1171 rhn_satellite: Improper channel comps information management↗2010-04-20

▶