SB2014062001 - Multiple vulnerabilities in Foreman

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014062001

SB2014062001 - Multiple vulnerabilities in Foreman

Published: June 20, 2014 Updated: June 21, 2023

Security Bulletin ID SB2014062001
Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Cross-site scripting (CVE-ID: CVE-2014-3491)

Vulnerability allows a remote attacker to perform Cross-site scripting attacks.

An input validation error exists in Foreman before 1.4.5 and 1.5.x before 1.5.1 when processing Name field to the New Host groups page, related to create, update, and destroy notification boxes. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

2) Cross-site scripting (CVE-ID: CVE-2014-3492)

Vulnerability allows a remote attacker to perform Cross-site scripting attacks.

An input validation error exists in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 when processing a parameter (1) name or (2) value related to the host. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


3) Path traversal (CVE-ID: CVE-2014-4507)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1. A remote authenticated attacker can send a specially crafted HTTP request and remote attackers to overwrite arbitrary files via a . (dot dot) in the dst parameter to tftp/fetch_boot_file.


4) Input validation error (CVE-ID: CVE-2014-0007)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.


Remediation

Install update from vendor's website.

References