First published: Wed Mar 14 2018(Updated: )
It is reported that the Spacewalk 2.6 API contains an XXE flaw resulting in information disclosure.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/redstone-xmlrpc 1.1_20071120 | <20 | 20 |
Redhat Spacewalk | =2.6 | |
Redhat Satellite | =5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-1077 is high.
CVE-2018-1077 affects Spacewalk 2.6 by having an XXE flaw in its API, which allows for the disclosure of potentially sensitive information.
Yes, Redhat Spacewalk version 2.6 is affected by CVE-2018-1077.
Yes, Redhat Satellite version 5.0 is affected by CVE-2018-1077.
To fix CVE-2018-1077, update Redstone-XMLRPC to version 1.1_20071120-20 for Spacewalk 2.6 or update to a newer version of Redhat Spacewalk or Redhat Satellite.