CVE-2017-15136 — Improper Input Validation in HAT INC Satellite 6

CWE-20 — Improper Input Validation5 documents5 sources

Severity

2.7LOWNVD

EPSS

0.2%

top 54.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT INC Satellite 6 Redhat Satellite

Timeline

PublishedFeb 27

Latest updateMay 13

Description

When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶NVDredhat/satellite6.0

▶CVEListV5red_hat_inc/satellite_66.3.0

🔴Vulnerability Details

GHSA

GHSA-6vg6-5p3g-6rw4: When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously regist↗2022-05-13

▶

CVEList

CVE-2017-15136: When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously regist↗2018-02-27

▶

📋Vendor Advisories

Red Hat

katello: system registration hostname hijacking results in inability to access updates↗2018-02-27

▶

💬Community

Bugzilla

CVE-2017-15136 katello: system registration hostname hijacking results in inability to access updates↗2018-01-30

▶