Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2008-2369: Red Hat Customer Portal - Access to 24x7 support and knowledge

manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.

CVE
Open in Source
#xss#vulnerability#web#linux#red_hat#dos#apache#nodejs#js#java#kubernetes

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Red Hat Customer Portal

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus
  • Red Hat CodeReady Studio

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2008-08-13

Updated:

2008-08-13

RHSA-2008:0630 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Low: Red Hat Network Satellite Server security update

Type/Severity

Security Advisory: Low

Topic

Red Hat Network Satellite Server version 5.1.1 is now available. This
update includes fixes for a number of security issues in Red Hat Network
Satellite Server components.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

During an internal security audit, it was discovered that Red Hat Network
Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a
single hard-coded authentication key. A remote attacker who is able to
connect to the Satellite Server XML-RPC service could use this flaw to
obtain limited information about Satellite Server users, such as login
names, associated email addresses, internal user IDs, and partial
information about entitlements. (CVE-2008-2369)

This release also corrects several security vulnerabilities in various
components shipped as part of Red Hat Network Satellite Server 5.1. In a
typical operating environment, these components are not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.

A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)

Multiple cross-site scripting flaws were fixed in the image map feature in
the JFreeChart package. (CVE-2007-6306)

A flaw which could result in weak encryption was fixed in the
perl-Crypt-CBC package. (CVE-2006-0898)

Multiple flaws were fixed in the Apache Tomcat package. (CVE-2005-4838,
CVE-2006-0254, CVE-2007-1355, CVE-2007-1358, CVE-2007-2449, CVE-2007-5461,
CVE-2008-0128)

Users of Red Hat Network Satellite Server 5.1 are advised to upgrade to
5.1.1, which resolves these issues.

Affected Products

  • Red Hat Network Satellite 5.1 (for RHEL Mainframe) 5.1 s390x
  • Red Hat Network Satellite 5.1 (for RHEL Mainframe) 5.1 s390
  • Red Hat Network Satellite 5.1 (for RHEL Server) 5.1 x86_64
  • Red Hat Network Satellite 5.1 (for RHEL Server) 5.1 i386

Fixes

  • BZ - 238401 - CVE-2005-4838 tomcat manager example DoS
  • BZ - 240423 - CVE-2007-1349 mod_perl PerlRun denial of service
  • BZ - 244803 - CVE-2007-1358 tomcat accept-language xss flaw
  • BZ - 244804 - CVE-2007-2449 tomcat examples jsp XSS
  • BZ - 253166 - CVE-2007-1355 tomcat XSS in samples
  • BZ - 333791 - CVE-2007-5461 Absolute path traversal Apache Tomcat WEBDAV
  • BZ - 421081 - CVE-2007-6306 JFreeChart: XSS vulnerabilities in the image map feature
  • BZ - 429821 - CVE-2008-0128 tomcat5 SSO cookie login information disclosure
  • BZ - 430522 - CVE-2006-0898 perl-Crypt-CBC weaker encryption with some ciphers
  • BZ - 430646 - CVE-2006-0254 tomcat examples XSS
  • BZ - 452461 - CVE-2008-2369 RHN Satellite: information disclosure via manzier.pxt RPC script

CVEs

  • CVE-2008-2369
  • CVE-2006-0898
  • CVE-2008-0128
  • CVE-2007-1355
  • CVE-2007-6306
  • CVE-2007-5461
  • CVE-2007-2449
  • CVE-2007-1358
  • CVE-2007-1349
  • CVE-2005-4838
  • CVE-2006-0254

Red Hat Network Satellite 5.1 (for RHEL Mainframe) 5.1

SRPM

s390x

s390

Red Hat Network Satellite 5.1 (for RHEL Server) 5.1

SRPM

x86_64

i386

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE