CVE-2015-1816 — Improper Certificate Validation in Foreman

CWE-310 CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 55.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Theforeman Foreman

Timeline

PublishedAug 14

Latest updateMay 14

Description

Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDtheforeman/foreman1.7.3

🔴Vulnerability Details

GHSA

GHSA-gjcw-j8fh-6j22: Forman before 1↗2022-05-14

▶

CVEList

CVE-2015-1816: Forman before 1↗2015-08-14

▶

📋Vendor Advisories

Red Hat

foreman: lack of SSL certificate validation when performing LDAPS authentication↗2015-02-19

▶

💬Community

Bugzilla

CVE-2015-1816 foreman: lack of SSL certificate validation when performing LDAPS authentication↗2015-04-02

▶