|
SecurityLex.Org
|
|
|
Your search for "43840" returned:
| Nessus Plugin ID: 43840 | Name: RHSA-2008-0630: jfreechart |
| CVE References: CVE-2005-4838 (cve.mitre.org, nvd.nist.gov) CVE-2006-0254 (cve.mitre.org, nvd.nist.gov) CVE-2006-0898 (cve.mitre.org, nvd.nist.gov) CVE-2007-1349 (cve.mitre.org, nvd.nist.gov) CVE-2007-1355 (cve.mitre.org, nvd.nist.gov) CVE-2007-1358 (cve.mitre.org, nvd.nist.gov) CVE-2007-2449 (cve.mitre.org, nvd.nist.gov) CVE-2007-5461 (cve.mitre.org, nvd.nist.gov) CVE-2007-6306 (cve.mitre.org, nvd.nist.gov) CVE-2008-0128 (cve.mitre.org, nvd.nist.gov) CVE-2008-2369 (cve.mitre.org, nvd.nist.gov) |
| SANS/FBI TOP20 Reference: |
| Group/Family: Red Hat Local Security Checks |
| Risk: Medium |
Description: Synopsis :
The remote host is missing the patch for the advisory RHSA-2008-0630
Description :
Red Hat Network Satellite Server version 5.1.1 is now available. This
update includes fixes for a number of security issues in Red Hat Network
Satellite Server components.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
During an internal security audit, it was discovered that Red Hat Network
Satellite Server shipped with an XML-RPC script, manzier.pxt, which had a
single hard-coded authentication key. A remote attacker who is able to
connect to the Satellite Server XML-RPC service could use this flaw to
obtain limited information about Satellite Server users, such as login
names, associated email addresses, internal user IDs, and partial
information about entitlements. (CVE-2008-2369)
This release also corrects several security vulnerabilities in various
components shipped as part of Red Hat Network Satellite Server 5.1. In a
typical operating environment, these components are not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
|
| Created: 2010-01-18 05:34:03 | Last Changed: 2010-01-18 05:34:03 |
|
|