CVE-2017-7513
Severity CVSS v4.0:
Pending analysis
Type:
CWE-295
Improper Certificate Validation
Publication date:
22/08/2018
Last modified:
09/10/2019
Description
It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:redhat:satellite:5.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:satellite:5.1.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:satellite:5.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:satellite:5.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:satellite:5.4.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:satellite:5.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page