CVE-2017-7513 MEDIUM

CVE-2017-7513

Vendor Red Hat
Product Red Hat Satellite
Weakness CWE-295
Published August 22, 2018
Last update August 5, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.

Key dates

02Disclosure timeline

August 22, 2018 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE