RHEL 7 : Red Hat Satellite 6 (RHSA-2019:3172)

high Nessus Plugin ID 130187

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3172 advisory.

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):

* rubygem-rack: Buffer size in multipart parser allows for denial of service (CVE-2018-16470)

* dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632)

* foreman: authorization bypasses in foreman-tasks leading to information disclosure (CVE-2019-10198)

* katello: registry credentials are captured in plain text during repository discovery (CVE-2019-14825)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?9b13e096

https://access.redhat.com/errata/RHSA-2019:3172

https://bugzilla.redhat.com/show_bug.cgi?id=1111223

https://bugzilla.redhat.com/show_bug.cgi?id=1152515

https://bugzilla.redhat.com/show_bug.cgi?id=1163020

https://bugzilla.redhat.com/show_bug.cgi?id=1194093

https://bugzilla.redhat.com/show_bug.cgi?id=1336439

https://bugzilla.redhat.com/show_bug.cgi?id=1378579

https://bugzilla.redhat.com/show_bug.cgi?id=1402136

https://bugzilla.redhat.com/show_bug.cgi?id=1465521

https://bugzilla.redhat.com/show_bug.cgi?id=1490850

https://bugzilla.redhat.com/show_bug.cgi?id=1503426

https://bugzilla.redhat.com/show_bug.cgi?id=1505932

https://bugzilla.redhat.com/show_bug.cgi?id=1559006

https://bugzilla.redhat.com/show_bug.cgi?id=1561876

https://bugzilla.redhat.com/show_bug.cgi?id=1591629

https://bugzilla.redhat.com/show_bug.cgi?id=1593480

https://bugzilla.redhat.com/show_bug.cgi?id=1596411

https://bugzilla.redhat.com/show_bug.cgi?id=1601602

https://bugzilla.redhat.com/show_bug.cgi?id=1608712

https://bugzilla.redhat.com/show_bug.cgi?id=1609371

https://bugzilla.redhat.com/show_bug.cgi?id=1612800

https://bugzilla.redhat.com/show_bug.cgi?id=1620529

https://bugzilla.redhat.com/show_bug.cgi?id=1630548

https://bugzilla.redhat.com/show_bug.cgi?id=1634755

https://bugzilla.redhat.com/show_bug.cgi?id=1643649

https://bugzilla.redhat.com/show_bug.cgi?id=1644201

https://bugzilla.redhat.com/show_bug.cgi?id=1646814

https://bugzilla.redhat.com/show_bug.cgi?id=1649944

https://bugzilla.redhat.com/show_bug.cgi?id=1650641

https://bugzilla.redhat.com/show_bug.cgi?id=1651389

https://bugzilla.redhat.com/show_bug.cgi?id=1653293

https://bugzilla.redhat.com/show_bug.cgi?id=1658265

https://bugzilla.redhat.com/show_bug.cgi?id=1658284

https://bugzilla.redhat.com/show_bug.cgi?id=1658318

https://bugzilla.redhat.com/show_bug.cgi?id=1658553

https://bugzilla.redhat.com/show_bug.cgi?id=1659979

https://bugzilla.redhat.com/show_bug.cgi?id=1671274

https://bugzilla.redhat.com/show_bug.cgi?id=1671318

https://bugzilla.redhat.com/show_bug.cgi?id=1672706

https://bugzilla.redhat.com/show_bug.cgi?id=1673447

https://bugzilla.redhat.com/show_bug.cgi?id=1679225

https://bugzilla.redhat.com/show_bug.cgi?id=1679300

https://bugzilla.redhat.com/show_bug.cgi?id=1684573

https://bugzilla.redhat.com/show_bug.cgi?id=1686514

https://bugzilla.redhat.com/show_bug.cgi?id=1687543

https://bugzilla.redhat.com/show_bug.cgi?id=1687801

https://bugzilla.redhat.com/show_bug.cgi?id=1690070

https://bugzilla.redhat.com/show_bug.cgi?id=1690204

https://bugzilla.redhat.com/show_bug.cgi?id=1691074

https://bugzilla.redhat.com/show_bug.cgi?id=1691443

https://bugzilla.redhat.com/show_bug.cgi?id=1698148

https://bugzilla.redhat.com/show_bug.cgi?id=1698178

https://bugzilla.redhat.com/show_bug.cgi?id=1698182

https://bugzilla.redhat.com/show_bug.cgi?id=1703476

https://bugzilla.redhat.com/show_bug.cgi?id=1705099

https://bugzilla.redhat.com/show_bug.cgi?id=1706265

https://bugzilla.redhat.com/show_bug.cgi?id=1706267

https://bugzilla.redhat.com/show_bug.cgi?id=1706274

https://bugzilla.redhat.com/show_bug.cgi?id=1706277

https://bugzilla.redhat.com/show_bug.cgi?id=1706296

https://bugzilla.redhat.com/show_bug.cgi?id=1706721

https://bugzilla.redhat.com/show_bug.cgi?id=1706743

https://bugzilla.redhat.com/show_bug.cgi?id=1707157

https://bugzilla.redhat.com/show_bug.cgi?id=1709761

https://bugzilla.redhat.com/show_bug.cgi?id=1712554

https://bugzilla.redhat.com/show_bug.cgi?id=1712889

https://bugzilla.redhat.com/show_bug.cgi?id=1712985

https://bugzilla.redhat.com/show_bug.cgi?id=1713103

https://bugzilla.redhat.com/show_bug.cgi?id=1713248

https://bugzilla.redhat.com/show_bug.cgi?id=1713274

https://bugzilla.redhat.com/show_bug.cgi?id=1713802

https://bugzilla.redhat.com/show_bug.cgi?id=1714234

https://bugzilla.redhat.com/show_bug.cgi?id=1714604

https://bugzilla.redhat.com/show_bug.cgi?id=1715898

https://bugzilla.redhat.com/show_bug.cgi?id=1716877

https://bugzilla.redhat.com/show_bug.cgi?id=1716900

https://bugzilla.redhat.com/show_bug.cgi?id=1717069

https://bugzilla.redhat.com/show_bug.cgi?id=1717248

https://bugzilla.redhat.com/show_bug.cgi?id=1717883

https://bugzilla.redhat.com/show_bug.cgi?id=1718009

https://bugzilla.redhat.com/show_bug.cgi?id=1718889

https://bugzilla.redhat.com/show_bug.cgi?id=1720200

https://bugzilla.redhat.com/show_bug.cgi?id=1721055

https://bugzilla.redhat.com/show_bug.cgi?id=1722475

https://bugzilla.redhat.com/show_bug.cgi?id=1722713

https://bugzilla.redhat.com/show_bug.cgi?id=1723733

https://bugzilla.redhat.com/show_bug.cgi?id=1724064

https://bugzilla.redhat.com/show_bug.cgi?id=1724739

https://bugzilla.redhat.com/show_bug.cgi?id=1725250

https://bugzilla.redhat.com/show_bug.cgi?id=1725289

https://bugzilla.redhat.com/show_bug.cgi?id=1727320

https://bugzilla.redhat.com/show_bug.cgi?id=1727927

https://bugzilla.redhat.com/show_bug.cgi?id=1728289

https://bugzilla.redhat.com/show_bug.cgi?id=1728306

https://bugzilla.redhat.com/show_bug.cgi?id=1729049

https://bugzilla.redhat.com/show_bug.cgi?id=1729130

https://bugzilla.redhat.com/show_bug.cgi?id=1729149

https://bugzilla.redhat.com/show_bug.cgi?id=1729153

https://bugzilla.redhat.com/show_bug.cgi?id=1730397

https://bugzilla.redhat.com/show_bug.cgi?id=1730668

https://bugzilla.redhat.com/show_bug.cgi?id=1731112

https://bugzilla.redhat.com/show_bug.cgi?id=1731639

https://bugzilla.redhat.com/show_bug.cgi?id=1732066

https://bugzilla.redhat.com/show_bug.cgi?id=1732601

https://bugzilla.redhat.com/show_bug.cgi?id=1737488

https://bugzilla.redhat.com/show_bug.cgi?id=1739367

https://bugzilla.redhat.com/show_bug.cgi?id=1739485

https://bugzilla.redhat.com/show_bug.cgi?id=1739712

https://bugzilla.redhat.com/show_bug.cgi?id=1744515

https://bugzilla.redhat.com/show_bug.cgi?id=1746166

https://bugzilla.redhat.com/show_bug.cgi?id=1746175

https://bugzilla.redhat.com/show_bug.cgi?id=1746581

https://bugzilla.redhat.com/show_bug.cgi?id=1747177

https://bugzilla.redhat.com/show_bug.cgi?id=1747654

https://bugzilla.redhat.com/show_bug.cgi?id=1750846

https://bugzilla.redhat.com/show_bug.cgi?id=1751384

https://bugzilla.redhat.com/show_bug.cgi?id=1752256

https://access.redhat.com/security/updates/classification/#moderate

Plugin Details

Severity: High

ID: 130187

File Name: redhat-RHSA-2019-3172.nasl

Version: 1.14

Type: local

Agent: unix

Published: 10/24/2019

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2019-10906

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:python2-lockfile, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_discovery_image, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt-engine-sdk, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-multi_json, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-locale, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-safemode, p-cpe:/a:redhat:enterprise_linux:foreman-postgresql, p-cpe:/a:redhat:enterprise_linux:rubygem-multi_json, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rails-i18n, p-cpe:/a:redhat:enterprise_linux:satellite-debug-tools, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-sinatra, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-coffee-script-source, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-runcible, p-cpe:/a:redhat:enterprise_linux:python-jinja2, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-loofah, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access_lib, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-cors, p-cpe:/a:redhat:enterprise_linux:libwebsockets, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf, p-cpe:/a:redhat:enterprise_linux:rubygem-rack-protection, p-cpe:/a:redhat:enterprise_linux:foreman-installer, p-cpe:/a:redhat:enterprise_linux:puppetserver, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-audited, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbvmomi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-diffy, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-builder, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-actionmailer, p-cpe:/a:redhat:enterprise_linux:rubygem-logging-journald, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-statsd-instrument, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client, p-cpe:/a:redhat:enterprise_linux:foreman-proxy-journald, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-recursive-open-struct, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-public_suffix, p-cpe:/a:redhat:enterprise_linux:repoview, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_tasks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-core, p-cpe:/a:redhat:enterprise_linux:pulp-server, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-ovirt, p-cpe:/a:redhat:enterprise_linux:mod_xsendfile, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-railties, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-secure_headers, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-record_tag_helper, p-cpe:/a:redhat:enterprise_linux:python-simplejson, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-xml, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-httpclient, p-cpe:/a:redhat:enterprise_linux:katello-selinux, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-netrc, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo_wizards, p-cpe:/a:redhat:enterprise_linux:rubygem-rake, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client-devel, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-retriable, p-cpe:/a:redhat:enterprise_linux:python2-ansible-runner, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-polyglot, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-concurrent-ruby-edge, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-multipart-post, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-execjs, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-git, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-common, p-cpe:/a:redhat:enterprise_linux:pulp-ostree, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ipaddress, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman, p-cpe:/a:redhat:enterprise_linux:puppetlabs-stdlib, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-scoped_search, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http_parser.rb, p-cpe:/a:redhat:enterprise_linux:pulp-docker-admin-extensions, p-cpe:/a:redhat:enterprise_linux:rubygem-highline, p-cpe:/a:redhat:enterprise_linux:python2-werkzeug, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-domain_name, p-cpe:/a:redhat:enterprise_linux:foreman-journald, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-mimemagic, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-activejob, p-cpe:/a:redhat:enterprise_linux:rubygem-faraday_middleware, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fast_gettext, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_hooks, p-cpe:/a:redhat:enterprise_linux:qpid-tools, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh-krb, p-cpe:/a:redhat:enterprise_linux:foreman-gce, p-cpe:/a:redhat:enterprise_linux:ansible-runner, p-cpe:/a:redhat:enterprise_linux:python-pymongo-gridfs, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-google, p-cpe:/a:redhat:enterprise_linux:rubygem-net-ssh, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sexp_processor, p-cpe:/a:redhat:enterprise_linux:rubygem-journald-logger, p-cpe:/a:redhat:enterprise_linux:rubygem-rack, p-cpe:/a:redhat:enterprise_linux:satellite, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-memoist, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-mail, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-dynflow, p-cpe:/a:redhat:enterprise_linux:foreman-ec2, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_katello, p-cpe:/a:redhat:enterprise_linux:katello-service, p-cpe:/a:redhat:enterprise_linux:python-crane, p-cpe:/a:redhat:enterprise_linux:python-pycurl, p-cpe:/a:redhat:enterprise_linux:python-qpid-qmf, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-sprockets-rails, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-tools, p-cpe:/a:redhat:enterprise_linux:foreman-ovirt, p-cpe:/a:redhat:enterprise_linux:python2-vine, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native-libs, p-cpe:/a:redhat:enterprise_linux:livecd-tools, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-marcel, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-rack-test, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-crass, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-native, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby_parser, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-qpid_messaging, p-cpe:/a:redhat:enterprise_linux:katello, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-actioncable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rack-jsonp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-smart_proxy_dynflow_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-katello, p-cpe:/a:redhat:enterprise_linux:rubygem-gssapi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible_core, p-cpe:/a:redhat:enterprise_linux:python2-anyjson, p-cpe:/a:redhat:enterprise_linux:gofer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-bundler_ext, p-cpe:/a:redhat:enterprise_linux:python2-pexpect, p-cpe:/a:redhat:enterprise_linux:foreman-telemetry, p-cpe:/a:redhat:enterprise_linux:python-psutil, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-erubi, p-cpe:/a:redhat:enterprise_linux:python-blinker, p-cpe:/a:redhat:enterprise_linux:python2-okaara, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_dhcp_infoblox, p-cpe:/a:redhat:enterprise_linux:python-twisted, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_ansible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ping, p-cpe:/a:redhat:enterprise_linux:rubygem-concurrent-ruby, p-cpe:/a:redhat:enterprise_linux:rubygem-fast_gettext, p-cpe:/a:redhat:enterprise_linux:rubygem-logging, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-wicked, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-webpack-rails, p-cpe:/a:redhat:enterprise_linux:python2-click, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-json, p-cpe:/a:redhat:enterprise_linux:python-bson, p-cpe:/a:redhat:enterprise_linux:python-gnupg, p-cpe:/a:redhat:enterprise_linux:python-lockfile, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-coffee-rails, p-cpe:/a:redhat:enterprise_linux:foreman-vmware, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-kubevirt, p-cpe:/a:redhat:enterprise_linux:rubygem-newt, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-sqlite3, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gettext_i18n_rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gssapi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-roadie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rabl, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-rails-dom-testing, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_templates, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-zest, p-cpe:/a:redhat:enterprise_linux:python2-gobject, p-cpe:/a:redhat:enterprise_linux:python2-kombu, p-cpe:/a:redhat:enterprise_linux:pulp-ostree-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-docker, p-cpe:/a:redhat:enterprise_linux:createrepo_c-libs, p-cpe:/a:redhat:enterprise_linux:python-okaara, p-cpe:/a:redhat:enterprise_linux:python-pulp-puppet-common, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-arel, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-bindings, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-globalid, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-child, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-import, p-cpe:/a:redhat:enterprise_linux:python-werkzeug, p-cpe:/a:redhat:enterprise_linux:python-pulp-oid_validation, p-cpe:/a:redhat:enterprise_linux:rubygem-bundler_ext, p-cpe:/a:redhat:enterprise_linux:pulp-docker-plugins, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-kubeclient, p-cpe:/a:redhat:enterprise_linux:tfm-runtime, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-little-plugger, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-rack-protection, p-cpe:/a:redhat:enterprise_linux:python2-twisted, p-cpe:/a:redhat:enterprise_linux:python-gofer, p-cpe:/a:redhat:enterprise_linux:python-anyjson, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_remote_execution_ssh, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-rails-html-sanitizer, p-cpe:/a:redhat:enterprise_linux:python-billiard, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-thor, p-cpe:/a:redhat:enterprise_linux:foreman-proxy, p-cpe:/a:redhat:enterprise_linux:python2-solv, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger, p-cpe:/a:redhat:enterprise_linux:python-semantic_version, p-cpe:/a:redhat:enterprise_linux:python-pulp-agent-lib, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rainbow, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-quantile, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-os, p-cpe:/a:redhat:enterprise_linux:python-pulp-repoauth, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-thread_safe, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_ansible, p-cpe:/a:redhat:enterprise_linux:rubygem-jwt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-parse-cron, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_ansible, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-awesome_print, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-router, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-aws, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-algebrick, p-cpe:/a:redhat:enterprise_linux:pulp-ostree-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-plugins, p-cpe:/a:redhat:enterprise_linux:python-flask, p-cpe:/a:redhat:enterprise_linux:python-itsdangerous, p-cpe:/a:redhat:enterprise_linux:pulp-puppet, p-cpe:/a:redhat:enterprise_linux:python-qpid, p-cpe:/a:redhat:enterprise_linux:katello-certs-tools, p-cpe:/a:redhat:enterprise_linux:foreman-debug, p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:python2-pycurl, p-cpe:/a:redhat:enterprise_linux:python2-crane, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution_core, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ssh, p-cpe:/a:redhat:enterprise_linux:satellite-capsule, p-cpe:/a:redhat:enterprise_linux:foreman-installer-katello, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-logging-journald, p-cpe:/a:redhat:enterprise_linux:rubygem-clamp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby-libvirt, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_theme_satellite, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-runtime, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_kubevirt, p-cpe:/a:redhat:enterprise_linux:tfm-ror52, p-cpe:/a:redhat:enterprise_linux:python-pexpect, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-ldap, p-cpe:/a:redhat:enterprise_linux:foreman-cli, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-prometheus-client, p-cpe:/a:redhat:enterprise_linux:pulp-admin-client, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-actionpack, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-tools, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deacon, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:python-pulp-ostree-common, p-cpe:/a:redhat:enterprise_linux:qpid-cpp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-formatador, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ovirt_provision_plugin, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo, p-cpe:/a:redhat:enterprise_linux:qpid-qmf, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode, p-cpe:/a:redhat:enterprise_linux:satellite-cli, p-cpe:/a:redhat:enterprise_linux:python2-isodate, p-cpe:/a:redhat:enterprise_linux:rubygem-rb-inotify, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-websocket-extensions, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deface, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-clamp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-pg, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-will_paginate, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-optimist, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-x-editable-rails, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_docker, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unf_ext, p-cpe:/a:redhat:enterprise_linux:redhat-access-insights-puppet, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ancestry, p-cpe:/a:redhat:enterprise_linux:pulp, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-nokogiri, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-tilt, p-cpe:/a:redhat:enterprise_linux:python-click, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-mime-types, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-mini_portile2, p-cpe:/a:redhat:enterprise_linux:rubygem-ffi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-signet, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-google-api-client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_discovery, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-activerecord, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-get_process_mem, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-oauth, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-params, p-cpe:/a:redhat:enterprise_linux:foreman-libvirt, p-cpe:/a:redhat:enterprise_linux:rhel8-kickstart-setup, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-net-scp, p-cpe:/a:redhat:enterprise_linux:rubygem-oauth, p-cpe:/a:redhat:enterprise_linux:puppet-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-excon, p-cpe:/a:redhat:enterprise_linux:katello-common, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-coffee-script, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-parent, p-cpe:/a:redhat:enterprise_linux:python2-itsdangerous, p-cpe:/a:redhat:enterprise_linux:python2-future, p-cpe:/a:redhat:enterprise_linux:python-kombu, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-rails, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-method_source, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sshkey, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-deep_cloneable, p-cpe:/a:redhat:enterprise_linux:rubygem-little-plugger, p-cpe:/a:redhat:enterprise_linux:rubygem-ansi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-declarative-option, p-cpe:/a:redhat:enterprise_linux:qpid-proton, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rest-client, p-cpe:/a:redhat:enterprise_linux:python-nectar, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-uber, p-cpe:/a:redhat:enterprise_linux:foreman-selinux, p-cpe:/a:redhat:enterprise_linux:python-saslwrapper, p-cpe:/a:redhat:enterprise_linux:mod_passenger, p-cpe:/a:redhat:enterprise_linux:puppet-agent-oauth, p-cpe:/a:redhat:enterprise_linux:python-daemon, p-cpe:/a:redhat:enterprise_linux:rubygem-mime-types, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_dynflow, p-cpe:/a:redhat:enterprise_linux:python2-flask, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-declarative, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_openscap, p-cpe:/a:redhat:enterprise_linux:rubygem-multipart-post, p-cpe:/a:redhat:enterprise_linux:ansiblerole-insights-client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-form_data, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-mini_mime, p-cpe:/a:redhat:enterprise_linux:pulp-katello, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-text, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_docker, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-admin-extensions, p-cpe:/a:redhat:enterprise_linux:python2-gobject-base, p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image, p-cpe:/a:redhat:enterprise_linux:rubygem-facter, p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat-tftpboot, p-cpe:/a:redhat:enterprise_linux:rubygem-tilt, p-cpe:/a:redhat:enterprise_linux:python2-celery, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-responders, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-nio4r, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-sequel, p-cpe:/a:redhat:enterprise_linux:python-celery, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-mustermann, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ffi, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-addressable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-faraday, p-cpe:/a:redhat:enterprise_linux:pulp-rpm, p-cpe:/a:redhat:enterprise_linux:python-markupsafe, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:libsolv, p-cpe:/a:redhat:enterprise_linux:satellite-common, p-cpe:/a:redhat:enterprise_linux:pulp-selinux, p-cpe:/a:redhat:enterprise_linux:python-vine, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ruby2ruby, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-friendly_id, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-actionview, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-vsphere, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-activesupport, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-journald-logger, p-cpe:/a:redhat:enterprise_linux:python-pymongo, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-concurrent-ruby, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-websocket-driver, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-openstack, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-rackspace, p-cpe:/a:redhat:enterprise_linux:hfsplus-tools, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jgrep, p-cpe:/a:redhat:enterprise_linux:rubygem-rest-client, p-cpe:/a:redhat:enterprise_linux:foreman-bootloaders-redhat, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-activestorage, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-highline, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-mime-types-data, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-unicode-display_width, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-anemone, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-i18n, p-cpe:/a:redhat:enterprise_linux:candlepin-selinux, p-cpe:/a:redhat:enterprise_linux:rubygem-rsec, p-cpe:/a:redhat:enterprise_linux:python-django, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-googleauth, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-css_parser, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-tzinfo, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ldap_fluff, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-gettext, p-cpe:/a:redhat:enterprise_linux:createrepo_c, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-promise.rb, p-cpe:/a:redhat:enterprise_linux:rubygem-sinatra, p-cpe:/a:redhat:enterprise_linux:satellite-installer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_discovery, p-cpe:/a:redhat:enterprise_linux:python2-daemon, p-cpe:/a:redhat:enterprise_linux:python-isodate, p-cpe:/a:redhat:enterprise_linux:katello-debug, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_dhcp_remote_isc, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_dns_infoblox, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-admin-extensions, p-cpe:/a:redhat:enterprise_linux:python-kid, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http-cookie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native-libs, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-ethon, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-rbovirt, p-cpe:/a:redhat:enterprise_linux:python-oauth2, p-cpe:/a:redhat:enterprise_linux:puppet-agent, p-cpe:/a:redhat:enterprise_linux:pycairo, p-cpe:/a:redhat:enterprise_linux:python2-nectar, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-graphql-batch, p-cpe:/a:redhat:enterprise_linux:python2-jinja2, p-cpe:/a:redhat:enterprise_linux:pygobject3, p-cpe:/a:redhat:enterprise_linux:katello-client-bootstrap, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_pulp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_virt_who_configure, p-cpe:/a:redhat:enterprise_linux:python-pulp-common, p-cpe:/a:redhat:enterprise_linux:python2-django, p-cpe:/a:redhat:enterprise_linux:python2-billiard, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-turbolinks, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-redhat_access, p-cpe:/a:redhat:enterprise_linux:python2-ptyprocess, p-cpe:/a:redhat:enterprise_linux:rubygem-faraday, p-cpe:/a:redhat:enterprise_linux:python2-amqp, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo_parsers, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-passenger-native, p-cpe:/a:redhat:enterprise_linux:saslwrapper, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks-core, p-cpe:/a:redhat:enterprise_linux:ostree, p-cpe:/a:redhat:enterprise_linux:python-pulp-streamer, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-facter, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-http, p-cpe:/a:redhat:enterprise_linux:python-pulp-client-lib, p-cpe:/a:redhat:enterprise_linux:python-pulp-integrity, p-cpe:/a:redhat:enterprise_linux:libmodulemd, p-cpe:/a:redhat:enterprise_linux:foreman-proxy-content, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-representable, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-apipie-rails, p-cpe:/a:redhat:enterprise_linux:python-amqp, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-daemons, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-jwt, p-cpe:/a:redhat:enterprise_linux:python2-markupsafe, p-cpe:/a:redhat:enterprise_linux:python-pulp-rpm-common, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_templates, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_openscap, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-validates_lengths_from_database, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-activerecord-session_store, p-cpe:/a:redhat:enterprise_linux:rubygem-netrc, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hashie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-typhoeus, p-cpe:/a:redhat:enterprise_linux:candlepin, p-cpe:/a:redhat:enterprise_linux:python-imgcreate, p-cpe:/a:redhat:enterprise_linux:rubygem-hashie, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_kubevirt, p-cpe:/a:redhat:enterprise_linux:foreman-rackspace, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-rack, p-cpe:/a:redhat:enterprise_linux:pcp-mmvstatsd, p-cpe:/a:redhat:enterprise_linux:rubygem-openscap, p-cpe:/a:redhat:enterprise_linux:pulp-maintenance, p-cpe:/a:redhat:enterprise_linux:rubygem-powerbar, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman-tasks, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-plugins, p-cpe:/a:redhat:enterprise_linux:python-gofer-qpid, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-robotex, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-foreman_remote_execution, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-powerbar, p-cpe:/a:redhat:enterprise_linux:python-mongoengine, p-cpe:/a:redhat:enterprise_linux:rubygem-rkerberos, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-fog-libvirt, p-cpe:/a:redhat:enterprise_linux:rubygem-infoblox, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-graphql, p-cpe:/a:redhat:enterprise_linux:python-zope-interface, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-angular-rails-templates, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-activemodel, p-cpe:/a:redhat:enterprise_linux:rubygem-rubyipmi, p-cpe:/a:redhat:enterprise_linux:python-ptyprocess, p-cpe:/a:redhat:enterprise_linux:future, p-cpe:/a:redhat:enterprise_linux:python-pulp-bindings, p-cpe:/a:redhat:enterprise_linux:tfm-ror52-rubygem-sprockets, p-cpe:/a:redhat:enterprise_linux:kobo, p-cpe:/a:redhat:enterprise_linux:rubygem-journald-native, p-cpe:/a:redhat:enterprise_linux:ansiblerole-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_admin, p-cpe:/a:redhat:enterprise_linux:qpid-proton-c, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_discovery, p-cpe:/a:redhat:enterprise_linux:foreman-openstack, p-cpe:/a:redhat:enterprise_linux:python-qpid-proton, p-cpe:/a:redhat:enterprise_linux:python-pulp-docker-common, p-cpe:/a:redhat:enterprise_linux:tfm-rubygem-hammer_cli_foreman_openscap, p-cpe:/a:redhat:enterprise_linux:tfm, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server-linearstore

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/22/2019

Vulnerability Publication Date: 10/23/2017

Reference Information

CVE: CVE-2016-10516, CVE-2016-10745, CVE-2018-1000632, CVE-2018-16470, CVE-2019-10198, CVE-2019-10906, CVE-2019-12387, CVE-2019-14825, CVE-2019-3893

BID: 106608, 107166, 107846, 109151

CWE: 113, 138, 287, 312, 400, 732, 79, 88

RHSA: 2019:3172