CVE-2017-7528

CWE-113 CWE-935 documents5 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 65.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Ansible Tower Redhat Cloudforms Management Engine

Timeline

PublishedAug 22

Latest updateMay 13

Description

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback).

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:NExploitability: 0.9 | Impact: 4.2

Affected Packages2 packages

▶NVDredhat/cloudforms_management_engine5.0

▶CVEListV5red_hat/ansible_towerAs shipped with Red Hat CloudForms Management Engine 5

🔴Vulnerability Details

GHSA

GHSA-qh6h-825q-q4mx: Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection↗2022-05-13

▶

CVEList

CVE-2017-7528: Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection↗2018-08-22

▶

📋Vendor Advisories

Red Hat

Tower: X-Forwarded-For header allows internal servers to deploy other systems (using callback)↗

▶

💬Community

Bugzilla

CVE-2017-7528 Ansible Tower: X-Forwarded-For header allows internal servers to deploy other systems (using callback)↗2017-06-30

▶