CVE-2017-2667

Severity CVSS v4.0:
Pending analysis
Type:
CWE-345 Insufficient Verification of Data Authenticity
Publication date:
12/03/2018
Last modified:
17/06/2026

Description

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:theforeman:hammer_cli:*:*:*:*:*:*:*:* 0.10.0 (excluding)
cpe:2.3:a:redhat:satellite:6.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite_capsule:6.3:*:*:*:*:*:*:*