CVE-2010-1171

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 18-04-2011 07:55

Last modified: - 19-02-2022 05:12

Total changes: - 3

Description

Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.html) files for channels.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:S/C:P/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

Low

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.5

Base score

8.0

4.9

Exploitability score

Impact score

Verification logic

vendor=Red Hat Enterprise Linux AND product=satellite AND version=5.4

vendor=Red Hat Enterprise Linux AND product=satellite AND version=5.3

Reference

RHSA-2011:0434-Not Applicable
https://bugzilla.redhat.com/show_bug.cgi?id=584118
1025316-Third Party Advisory, VDB Entry
44150-Not Applicable
47316-Third Party Advisory, VDB Entry
ADV-2011-0967-Vendor Advisory
rhnss-xmlrpcapi-info-disclosure(66690)-Third Party Advisory, VDB Entry

Keywords

CVE-2010-1171

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2010-1171

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures