CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-1777

rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 31.8%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

http://www.openwall.com/lists/oss-security/2015/03/04/7
http://www.securityfocus.com/bid/72943
https://bugzilla.redhat.com/show_bug.cgi?id=1198740
http://www.openwall.com/lists/oss-security/2015/03/04/7
http://www.securityfocus.com/bid/72943
https://bugzilla.redhat.com/show_bug.cgi?id=1198740

Products affected by CVE-2015-1777

Redhat » Gluster Storage » Version: 2.1

cpe:2.3:a:redhat:gluster_storage:2.1
Redhat » Rhn-Client-Tools » Version: N/A

cpe:2.3:a:redhat:rhn-client-tools:-
Redhat » Enterprise Linux » Version: 5.0

cpe:2.3:o:redhat:enterprise_linux:5.0
Redhat » Enterprise Linux » Version: 6.0

cpe:2.3:o:redhat:enterprise_linux:6.0
Redhat » Enterprise Linux » Version: 7.0

cpe:2.3:o:redhat:enterprise_linux:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-1777

Products

Pricing

Contact Us