CVE-2010-1171

Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:satellite:5.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:*

History

19 Feb 2022, 04:12

Type Values Removed Values Added
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=584118 - (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=584118 - Issue Tracking, Vendor Advisory
References (SECTRACK) http://www.securitytracker.com/id?1025316 - (SECTRACK) http://www.securitytracker.com/id?1025316 - Third Party Advisory, VDB Entry
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0434.html - Patch, Vendor Advisory (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0434.html - Not Applicable
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/66690 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/66690 - Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/44150 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/44150 - Not Applicable
References (BID) http://www.securityfocus.com/bid/47316 - (BID) http://www.securityfocus.com/bid/47316 - Third Party Advisory, VDB Entry

03 Feb 2022, 16:26

Type Values Removed Values Added
First Time Redhat satellite
CPE cpe:2.3:a:redhat:network_satellite:5.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:network_satellite:5.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:*

Information

Published : 2011-04-18 17:55

Updated : 2023-12-10 11:03


NVD link : CVE-2010-1171

Mitre link : CVE-2010-1171

CVE.ORG link : CVE-2010-1171


JSON object : View

Products Affected

redhat

  • satellite
CWE
CWE-264

Permissions, Privileges, and Access Controls