CVE-2017-7528: CRLF Injection
First published: Wed Aug 22 2018(Updated: )
Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback).
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Ansible Tower | ||
| Redhat Cloudforms Management Engine | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-7528?
CVE-2017-7528 is a vulnerability in Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 that allows CRLF Injection.
How severe is CVE-2017-7528?
CVE-2017-7528 has a severity rating of 6.5 (medium).
How does the vulnerability in Ansible Tower affect Red Hat CloudForms Management Engine 5?
The vulnerability in Ansible Tower allows internal servers to deploy other systems using a callback, potentially compromising Red Hat CloudForms Management Engine 5.
What is the affected software?
The affected software includes Red Hat Ansible Tower and Red Hat CloudForms Management Engine 5.0.
How can I fix CVE-2017-7528?
To fix CVE-2017-7528, it is recommended to apply the necessary patches and updates provided by Red Hat.
- collector/nvd-index
- agent/weakness
- agent/type
- vendor/redhat
- canonical/redhat ansible tower
- canonical/redhat cloudforms management engine
- version/redhat cloudforms management engine/5.0