RHEL 7 : Satellite 6.4 (RHSA-2018:2927)

critical Nessus Plugin ID 118185

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2927 advisory.

Red Hat Satellite is a systems management tool for Linux-based infrastructure.
It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):

* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)

* hornetq: XXE/SSRF in XPath selector (CVE-2015-3208)

* bouncycastle: Information disclosure in GCMBlockCipher (CVE-2015-6644)

* bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data (CVE-2016-1000338)

* bouncycastle: Information leak in AESFastEngine class (CVE-2016-1000339)

* bouncycastle: Information exposure in DSA signature generation via timing attack (CVE-2016-1000341)

* bouncycastle: ECDSA improper validation of ASN.1 encoding of signature (CVE-2016-1000342)

* bouncycastle: DHIES implementation allowed the use of ECB mode (CVE-2016-1000344)

* bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack (CVE-2016-1000345)

* bouncycastle: Other party DH public keys are not fully validated (CVE-2016-1000346)

* bouncycastle: ECIES implementation allowed the use of ECB mode (CVE-2016-1000352)

* logback: Serialization vulnerability in SocketServer and ServerSocketReceiver (CVE-2017-5929)

* python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs (CVE-2017-7233)

* hibernate-validator: Privilege escalation when running under the security manager (CVE-2017-7536)

* puppet: Environment leakage in puppet-agent (CVE-2017-10690)

* Satellite 6: XSS in discovery rule filter autocomplete functionality (CVE-2017-12175)

* foreman: Stored XSS in fact name or value (CVE-2017-15100)

* pulp: sensitive credentials revealed through the API (CVE-2018-1090)

* foreman: SQL injection due to improper handling of the widget id parameter (CVE-2018-1096)

* foreman: Ovirt admin password exposed by foreman API (CVE-2018-1097)

* django: Catastrophic backtracking in regular expressions via 'urlize' and 'urlizetrunc' (CVE-2018-7536)

* django: Catastrophic backtracking in regular expressions via 'truncatechars_html' and 'truncatewords_html' (CVE-2018-7537)

* guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)

* bouncycastle: Carry propagation bug in math.raw.Nat??? class (CVE-2016-1000340)

* bouncycastle: DSA key pair generator generates a weak private key by default (CVE-2016-1000343)

* puppet: Unpacking of tarballs in tar/mini.rb can create files with insecure permissions (CVE-2017-10689)

* bouncycastle: BKS-V1 keystore files vulnerable to trivial hash collisions (CVE-2018-5382)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; and the Django project for reporting CVE-2017-7233, CVE-2018-7536, and CVE-2018-7537. The CVE-2017-7536 issue was discovered by Gunnar Morling (Red Hat); and the CVE-2018-1096 issue was discovered by Martin Povolny (Red Hat). Red Hat would also like to thank David Jorm (IIX Product Security) for reporting CVE-2015-3208.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?8b02c33f

http://www.nessus.org/u?bb4d3bf5

https://access.redhat.com/errata/RHSA-2018:2927

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=1052713

https://bugzilla.redhat.com/show_bug.cgi?id=1060745

https://bugzilla.redhat.com/show_bug.cgi?id=1155817

https://bugzilla.redhat.com/show_bug.cgi?id=1177766

https://bugzilla.redhat.com/show_bug.cgi?id=1197650

https://bugzilla.redhat.com/show_bug.cgi?id=1225252

https://bugzilla.redhat.com/show_bug.cgi?id=1260733

https://bugzilla.redhat.com/show_bug.cgi?id=1265533

https://bugzilla.redhat.com/show_bug.cgi?id=1291730

https://bugzilla.redhat.com/show_bug.cgi?id=1295741

https://bugzilla.redhat.com/show_bug.cgi?id=1312098

https://bugzilla.redhat.com/show_bug.cgi?id=1328707

https://bugzilla.redhat.com/show_bug.cgi?id=1349150

https://bugzilla.redhat.com/show_bug.cgi?id=1356517

https://bugzilla.redhat.com/show_bug.cgi?id=1357256

https://bugzilla.redhat.com/show_bug.cgi?id=1372468

https://bugzilla.redhat.com/show_bug.cgi?id=1372731

https://bugzilla.redhat.com/show_bug.cgi?id=1379291

https://bugzilla.redhat.com/show_bug.cgi?id=1382069

https://bugzilla.redhat.com/show_bug.cgi?id=1386283

https://bugzilla.redhat.com/show_bug.cgi?id=1386908

https://bugzilla.redhat.com/show_bug.cgi?id=1389820

https://bugzilla.redhat.com/show_bug.cgi?id=1400058

https://bugzilla.redhat.com/show_bug.cgi?id=1409485

https://bugzilla.redhat.com/show_bug.cgi?id=1410264

https://bugzilla.redhat.com/show_bug.cgi?id=1410746

https://bugzilla.redhat.com/show_bug.cgi?id=1412596

https://bugzilla.redhat.com/show_bug.cgi?id=1416106

https://bugzilla.redhat.com/show_bug.cgi?id=1417015

https://bugzilla.redhat.com/show_bug.cgi?id=1417130

https://bugzilla.redhat.com/show_bug.cgi?id=1419060

https://bugzilla.redhat.com/show_bug.cgi?id=1425609

https://bugzilla.redhat.com/show_bug.cgi?id=1426739

https://bugzilla.redhat.com/show_bug.cgi?id=1428541

https://bugzilla.redhat.com/show_bug.cgi?id=1430022

https://bugzilla.redhat.com/show_bug.cgi?id=1430742

https://bugzilla.redhat.com/show_bug.cgi?id=1432858

https://bugzilla.redhat.com/show_bug.cgi?id=1435973

https://bugzilla.redhat.com/show_bug.cgi?id=1437234

https://bugzilla.redhat.com/show_bug.cgi?id=1439353

https://bugzilla.redhat.com/show_bug.cgi?id=1443505

https://bugzilla.redhat.com/show_bug.cgi?id=1443804

https://bugzilla.redhat.com/show_bug.cgi?id=1444015

https://bugzilla.redhat.com/show_bug.cgi?id=1449011

https://bugzilla.redhat.com/show_bug.cgi?id=1452772

https://bugzilla.redhat.com/show_bug.cgi?id=1455006

https://bugzilla.redhat.com/show_bug.cgi?id=1455132

https://bugzilla.redhat.com/show_bug.cgi?id=1458383

https://bugzilla.redhat.com/show_bug.cgi?id=1458573

https://bugzilla.redhat.com/show_bug.cgi?id=1458754

https://bugzilla.redhat.com/show_bug.cgi?id=1464219

https://bugzilla.redhat.com/show_bug.cgi?id=1464512

https://bugzilla.redhat.com/show_bug.cgi?id=1465573

https://bugzilla.redhat.com/show_bug.cgi?id=1468354

https://bugzilla.redhat.com/show_bug.cgi?id=1468359

https://bugzilla.redhat.com/show_bug.cgi?id=1470014

https://bugzilla.redhat.com/show_bug.cgi?id=1470761

https://bugzilla.redhat.com/show_bug.cgi?id=1474348

https://bugzilla.redhat.com/show_bug.cgi?id=1475121

https://bugzilla.redhat.com/show_bug.cgi?id=1478849

https://bugzilla.redhat.com/show_bug.cgi?id=1482540

https://bugzilla.redhat.com/show_bug.cgi?id=1483033

https://bugzilla.redhat.com/show_bug.cgi?id=1485805

https://bugzilla.redhat.com/show_bug.cgi?id=1486297

https://bugzilla.redhat.com/show_bug.cgi?id=1486782

https://bugzilla.redhat.com/show_bug.cgi?id=1487710

https://bugzilla.redhat.com/show_bug.cgi?id=1488291

https://bugzilla.redhat.com/show_bug.cgi?id=1489377

https://bugzilla.redhat.com/show_bug.cgi?id=1498588

https://bugzilla.redhat.com/show_bug.cgi?id=1498976

https://bugzilla.redhat.com/show_bug.cgi?id=1500593

https://bugzilla.redhat.com/show_bug.cgi?id=1506612

https://bugzilla.redhat.com/show_bug.cgi?id=1508551

https://bugzilla.redhat.com/show_bug.cgi?id=1515888

https://bugzilla.redhat.com/show_bug.cgi?id=1516623

https://bugzilla.redhat.com/show_bug.cgi?id=1527896

https://bugzilla.redhat.com/show_bug.cgi?id=1536487

https://bugzilla.redhat.com/show_bug.cgi?id=1538448

https://bugzilla.redhat.com/show_bug.cgi?id=1538479

https://bugzilla.redhat.com/show_bug.cgi?id=1539076

https://bugzilla.redhat.com/show_bug.cgi?id=1542850

https://bugzilla.redhat.com/show_bug.cgi?id=1545314

https://bugzilla.redhat.com/show_bug.cgi?id=1549777

https://bugzilla.redhat.com/show_bug.cgi?id=1549779

https://bugzilla.redhat.com/show_bug.cgi?id=1552632

https://bugzilla.redhat.com/show_bug.cgi?id=1553869

https://bugzilla.redhat.com/show_bug.cgi?id=1553994

https://bugzilla.redhat.com/show_bug.cgi?id=1555310

https://bugzilla.redhat.com/show_bug.cgi?id=1557067

https://bugzilla.redhat.com/show_bug.cgi?id=1560035

https://bugzilla.redhat.com/show_bug.cgi?id=1561061

https://bugzilla.redhat.com/show_bug.cgi?id=1561723

https://bugzilla.redhat.com/show_bug.cgi?id=1563749

https://bugzilla.redhat.com/show_bug.cgi?id=1564577

https://bugzilla.redhat.com/show_bug.cgi?id=1566764

https://bugzilla.redhat.com/show_bug.cgi?id=1570808

https://bugzilla.redhat.com/show_bug.cgi?id=1572290

https://bugzilla.redhat.com/show_bug.cgi?id=1572297

https://bugzilla.redhat.com/show_bug.cgi?id=1572305

https://bugzilla.redhat.com/show_bug.cgi?id=1573391

https://bugzilla.redhat.com/show_bug.cgi?id=1579384

https://bugzilla.redhat.com/show_bug.cgi?id=1588313

https://bugzilla.redhat.com/show_bug.cgi?id=1588314

https://bugzilla.redhat.com/show_bug.cgi?id=1588323

https://bugzilla.redhat.com/show_bug.cgi?id=1588327

https://bugzilla.redhat.com/show_bug.cgi?id=1588330

https://bugzilla.redhat.com/show_bug.cgi?id=1588688

https://bugzilla.redhat.com/show_bug.cgi?id=1588695

https://bugzilla.redhat.com/show_bug.cgi?id=1588708

https://bugzilla.redhat.com/show_bug.cgi?id=1588715

https://bugzilla.redhat.com/show_bug.cgi?id=1588721

https://bugzilla.redhat.com/show_bug.cgi?id=1595777

https://bugzilla.redhat.com/show_bug.cgi?id=1608447

Plugin Details

Severity: Critical

ID: 118185

File Name: redhat-RHSA-2018-2927.nasl

Version: 1.11

Type: local

Agent: unix

Published: 10/18/2018

Updated: 3/16/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-5929

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/16/2018

Vulnerability Publication Date: 1/6/2016

Reference Information

CVE: CVE-2015-3208, CVE-2015-6644, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352, CVE-2017-10689, CVE-2017-10690, CVE-2017-12175, CVE-2017-15095, CVE-2017-15100, CVE-2017-5929, CVE-2017-7233, CVE-2017-7536, CVE-2018-10237, CVE-2018-1090, CVE-2018-1096, CVE-2018-1097, CVE-2018-5382, CVE-2018-6188, CVE-2018-7536, CVE-2018-7537

CWE: 119, 184, 200, 203, 209, 284, 295, 325, 327, 338, 385, 400, 502, 611, 682, 79, 89

RHSA: 2018:2927