Multiple vulnerabilities in Foreman
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2014-3491 CVE-2014-3492 CVE-2014-4507 CVE-2014-0007 |
| CWE-ID | CWE-79 CWE-22 CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
Foreman Web applications / Remote management & hosting panels |
| Vendor | Foreman |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU41509
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-3491
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionVulnerability allows a remote attacker to perform Cross-site scripting attacks.
An input validation error exists in Foreman before 1.4.5 and 1.5.x before 1.5.1 when processing Name field to the New Host groups page, related to create, update, and destroy notification boxes. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsForeman: 1.4.0 - 1.5.0
CPE2.3- cpe:2.3:a:foreman:foreman:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:foreman:foreman:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:foreman:foreman:1.4.2:*:*:*:*:*:*:*
https://projects.theforeman.org/issues/5881
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Cross-site scripting
EUVDB-ID: #VU41510
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-3492
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionVulnerability allows a remote attacker to perform Cross-site scripting attacks.
An input validation error exists in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 when processing a parameter (1) name or (2) value related to the host. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsForeman: 1.4.0 - 1.5.0
CPE2.3- cpe:2.3:a:foreman:foreman:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:foreman:foreman:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:foreman:foreman:1.4.2:*:*:*:*:*:*:*
https://projects.theforeman.org/issues/6149
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Path traversal
EUVDB-ID: #VU41537
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2014-4507
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1. A remote authenticated attacker can send a specially crafted HTTP request and remote attackers to overwrite arbitrary files via a . (dot dot) in the dst parameter to tftp/fetch_boot_file.
MitigationInstall update from vendor's website.
Vulnerable software versionsForeman: 1.4.0 - 1.5.0
CPE2.3- cpe:2.3:a:foreman:foreman:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:foreman:foreman:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:foreman:foreman:1.4.2:*:*:*:*:*:*:*
https://projects.theforeman.org/issues/6086
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU41538
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2014-0007
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.
MitigationInstall update from vendor's website.
Vulnerable software versionsForeman: 1.4.0 - 1.5.0
CPE2.3- cpe:2.3:a:foreman:foreman:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:foreman:foreman:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:foreman:foreman:1.4.2:*:*:*:*:*:*:*
https://projects.theforeman.org/issues/6086
https://rhn.redhat.com/errata/RHSA-2014-0770.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
