CVE-2016-9185: Infoleak
First published: Fri Nov 04 2016(Updated: )
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openstack heat | =5.0.3 | |
| openstack heat | =6.0.0 | |
| openstack heat | =6.1.0 | |
| openstack heat | =7.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/94205
- https://access.redhat.com/errata/RHSA-2017:1450
- https://access.redhat.com/errata/RHSA-2017:1456
- https://access.redhat.com/errata/RHSA-2017:1464
- https://bugs.launchpad.net/ossa/+bug/1606500
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1391896
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1392249
- https://access.redhat.com/security/cve/cve-2016-9185
- https://bugzilla.redhat.com/show_bug.cgi?id=1391895
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-9185
- agent/tags
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/openstack
- canonical/openstack heat
- version/openstack heat/5.0.3
- version/openstack heat/6.0.0
- version/openstack heat/6.1.0
- version/openstack heat/7.0.0