A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.
Metrics
Affected Vendors & Products
References
History
Sat, 21 Dec 2024 02:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Fri, 20 Dec 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner. | |
Title | Http proxies: satellite: service side request forgery in http proxies | |
First Time appeared |
Redhat
Redhat satellite |
|
Weaknesses | CWE-918 | |
CPEs | cpe:/a:redhat:satellite:6 | |
Vendors & Products |
Redhat
Redhat satellite |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-12-20T15:47:17.402Z
Updated: 2024-12-20T15:47:17.402Z
Reserved: 2024-12-20T12:10:24.705Z
Link: CVE-2024-12840
Vulnrichment
No data.
NVD
Status : Received
Published: 2024-12-20T16:15:23.417
Modified: 2024-12-20T16:15:23.417
Link: CVE-2024-12840
Redhat