5

CVE-2012-1145

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatSatellite Version5.4
   RedhatEnterprise Linux Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.02% 0.857
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://rhn.redhat.com/errata/RHSA-2012-0436.html
Vendor Advisory
http://secunia.com/advisories/48664
Broken Link
http://www.osvdb.org/81481
Broken Link
http://www.securityfocus.com/bid/52832
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1026873
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/74498
Third Party Advisory
VDB Entry