Vulnerability Details CVE-2017-7528
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 38.0%
CVSS Severity
CVSS v3 Score 5.2
CVSS v2 Score 3.3
References
Products affected by CVE-2017-7528
-
cpe:2.3:a:redhat:ansible_tower:-
-
cpe:2.3:a:redhat:cloudforms_management_engine:5.0