CVE-2017-7528

CVSS 5.2 MEDIUMEPSS 0.6%CWE-113

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback).

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

Productos afectados

Red Hat · Ansible Tower

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7528 http://www.securityfocus.com/bid/105143