CVE-2017-2639
Last modified
CVE-2017-2639 is a vulnerability of currently unknown severity. It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.. EPSS estimates a 1.14% chance of exploitation in the next 30 days.
Description
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Cloudforms | 4.5 |
| Redhat | Cloudforms Management Engine | 5.8 |
References
- http://www.securityfocus.com/bid/98769Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1038599Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2017:1367Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639Issue Tracking, Vendor Advisory
- http://www.securityfocus.com/bid/98769Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1038599Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2017:1367Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2639Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-2639?
How severe is CVE-2017-2639?
How do I fix CVE-2017-2639?
Are you affected by CVE-2017-2639?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST