CVE-2014-8162

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.
Configurations

Configuration 1

cpe:2.3:a:redhat:network_satellite:*:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:suse:manager:1.7:*:*:*:*:*:*:*

History

13 Feb 2023, 00:44

Summary
  • Values Removed: It was found that the RPC interface in Satellite would resolve external entities, allowing an attacker to conduct XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the Satellite server, and potentially perform other more advanced XXE attacks.
  • Values Added: XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.
References
  • (MISC) https://access.redhat.com/security/cve/CVE-2014-8162
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0957
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1187339

02 Feb 2023, 20:19

Summary
  • Values Removed: XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.
  • Values Added: It was found that the RPC interface in Satellite would resolve external entities, allowing an attacker to conduct XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the Satellite server, and potentially perform other more advanced XXE attacks.
References
  • (MISC) https://access.redhat.com/security/cve/CVE-2014-8162
  • (MISC) https://access.redhat.com/errata/RHSA-2015:0957
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1187339

Information

Published : 2015-05-14 14:59

Updated : 2023-12-10 11:46


NVD link : CVE-2014-8162

Mitre link : CVE-2014-8162

CVE.ORG link : CVE-2014-8162



Products Affected

suse

  • manager

redhat

  • network_satellite