Redhat-certification CVE-2018-10869 Arbitrary File Download Vulnerability
Info
| Bugtraq ID: | 105061 |
| Class: | Input Validation Error |
| CVE: | CVE-2018-10869 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 18 2018 12:00AM |
| Updated: | Jul 18 2018 12:00AM |
| Credit: | Riccardo Schirone |
| Vulnerable: | Redhat Certification for RHEL 7 |
| Not Vulnerable: | |
Discussion
Redhat-certification is prone to an arbitrary-file-download vulnerability that allows remote attackers to download arbitrary files.
An attacker can exploit this issue to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks.
Redhat Certification for RHEL 7 is vulnerable; other versions may also be affected.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Redhat Homepage (redhat)
- CVE-2018-10869 redhat-certification: /download allows to download any file (Bugzilla)
- RHSA-2018:2373 - Security Advisory (Red Hat)