CVE-2017-7513 — Improper Certificate Validation in RED HAT Satellite

CWE-295 — Improper Certificate Validation5 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 74.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Satellite Redhat Satellite

Timeline

PublishedAug 22

Latest updateMay 13

Description

It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶NVDredhat/satellite10 versions+9

▶CVEListV5red_hat/red_hat_satellite5

🔴Vulnerability Details

GHSA

GHSA-c2vg-q78p-66vp: It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X↗2022-05-13

▶

CVEList

CVE-2017-7513: It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X↗2018-08-22

▶

📋Vendor Advisories

Red Hat

5: Failure to verify DB hostname against hostname in certificate in PostgreSQL through SSL configuration↗2017-07-25

▶

💬Community

Bugzilla

CVE-2017-7513 SAT 5: Failure to verify DB hostname against hostname in certificate in PostgreSQL through SSL configuration↗2017-06-01

▶