CVE-2019-10136
First published: Tue Jul 02 2019(Updated: )
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Satellite | =5.8 | |
| Redhat Spacewalk | <=2.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-10136?
CVE-2019-10136 is a vulnerability found in Spacewalk, all versions through 2.9, which allows an attacker with a valid, but expired, authenticated set of headers to extend the session validity without modifying the checksum.
How does CVE-2019-10136 affect Redhat Satellite?
CVE-2019-10136 affects Redhat Satellite 5.8.
How does CVE-2019-10136 affect Redhat Spacewalk?
CVE-2019-10136 affects Redhat Spacewalk up to version 2.9.
What is the severity of CVE-2019-10136?
CVE-2019-10136 has a severity rating of medium (4.3).
How can I fix CVE-2019-10136?
To fix CVE-2019-10136, upgrade to a version of Spacewalk that is not affected by the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat satellite
- version/redhat satellite/5.8
- canonical/redhat spacewalk
- version/redhat spacewalk/2.9