CVE-2012-1145 — Improper Authentication in Redhat Satellite

CWE-287 — Improper Authentication6 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.8%

top 17.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Satellite

Timeline

PublishedJun 16

Latest updateMay 13

Description

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/satellite5.4

🔴Vulnerability Details

GHSA

GHSA-c32r-w7r9-9w44: spacewalk-backend in Red Hat Network Satellite 5↗2022-05-13

▶

CVEList

CVE-2012-1145: spacewalk-backend in Red Hat Network Satellite 5↗2012-06-16

▶

📋Vendor Advisories

Red Hat

satellite: remote package upload without authorization↗2012-03-29

▶

💬Community

Bugzilla

CVE-2012-1145 satellite: remote package upload without authorization [fedora-18]↗2012-03-29

▶

Bugzilla

CVE-2012-1145 satellite: remote package upload without authorization↗2012-03-06

▶