RHEL 7 : CFME 5.6.1 (RHSA-2016:1634)

high Nessus Plugin ID 210188

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1634 advisory.

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running CloudForms.
(CVE-2016-5383)

This issue was discovered by Eric Hayes (Red Hat).

Additional Changes:

This update also fixes several bugs and adds various enhancements.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/updates/classification/#important

http://www.nessus.org/u?ffb5d980

https://bugzilla.redhat.com/show_bug.cgi?id=1240443

https://bugzilla.redhat.com/show_bug.cgi?id=1255389

https://bugzilla.redhat.com/show_bug.cgi?id=1273404

https://bugzilla.redhat.com/show_bug.cgi?id=1278003

https://bugzilla.redhat.com/show_bug.cgi?id=1284084

https://bugzilla.redhat.com/show_bug.cgi?id=1295523

https://bugzilla.redhat.com/show_bug.cgi?id=1316842

https://bugzilla.redhat.com/show_bug.cgi?id=1335669

https://bugzilla.redhat.com/show_bug.cgi?id=1337676

https://bugzilla.redhat.com/show_bug.cgi?id=1338754

https://bugzilla.redhat.com/show_bug.cgi?id=1338957

https://bugzilla.redhat.com/show_bug.cgi?id=1340072

https://bugzilla.redhat.com/show_bug.cgi?id=1341665

https://bugzilla.redhat.com/show_bug.cgi?id=1341666

https://bugzilla.redhat.com/show_bug.cgi?id=1341667

https://bugzilla.redhat.com/show_bug.cgi?id=1341668

https://bugzilla.redhat.com/show_bug.cgi?id=1341669

https://bugzilla.redhat.com/show_bug.cgi?id=1341670

https://bugzilla.redhat.com/show_bug.cgi?id=1341671

https://bugzilla.redhat.com/show_bug.cgi?id=1342122

https://bugzilla.redhat.com/show_bug.cgi?id=1342220

https://bugzilla.redhat.com/show_bug.cgi?id=1342221

https://bugzilla.redhat.com/show_bug.cgi?id=1342222

https://bugzilla.redhat.com/show_bug.cgi?id=1343515

https://bugzilla.redhat.com/show_bug.cgi?id=1343720

https://bugzilla.redhat.com/show_bug.cgi?id=1343721

https://bugzilla.redhat.com/show_bug.cgi?id=1343723

https://bugzilla.redhat.com/show_bug.cgi?id=1344050

https://bugzilla.redhat.com/show_bug.cgi?id=1344327

https://bugzilla.redhat.com/show_bug.cgi?id=1344328

https://bugzilla.redhat.com/show_bug.cgi?id=1344329

https://bugzilla.redhat.com/show_bug.cgi?id=1344330

https://bugzilla.redhat.com/show_bug.cgi?id=1344331

https://bugzilla.redhat.com/show_bug.cgi?id=1346036

https://bugzilla.redhat.com/show_bug.cgi?id=1346037

https://bugzilla.redhat.com/show_bug.cgi?id=1346057

https://bugzilla.redhat.com/show_bug.cgi?id=1346312

https://bugzilla.redhat.com/show_bug.cgi?id=1346443

https://bugzilla.redhat.com/show_bug.cgi?id=1346909

https://bugzilla.redhat.com/show_bug.cgi?id=1346951

https://bugzilla.redhat.com/show_bug.cgi?id=1346956

https://bugzilla.redhat.com/show_bug.cgi?id=1346968

https://bugzilla.redhat.com/show_bug.cgi?id=1346991

https://bugzilla.redhat.com/show_bug.cgi?id=1347018

https://bugzilla.redhat.com/show_bug.cgi?id=1347695

https://bugzilla.redhat.com/show_bug.cgi?id=1348221

https://bugzilla.redhat.com/show_bug.cgi?id=1348630

https://bugzilla.redhat.com/show_bug.cgi?id=1348632

https://bugzilla.redhat.com/show_bug.cgi?id=1348636

https://bugzilla.redhat.com/show_bug.cgi?id=1348638

https://bugzilla.redhat.com/show_bug.cgi?id=1348645

https://bugzilla.redhat.com/show_bug.cgi?id=1348650

https://bugzilla.redhat.com/show_bug.cgi?id=1348651

https://bugzilla.redhat.com/show_bug.cgi?id=1348989

https://bugzilla.redhat.com/show_bug.cgi?id=1349060

https://bugzilla.redhat.com/show_bug.cgi?id=1349061

https://bugzilla.redhat.com/show_bug.cgi?id=1349062

https://bugzilla.redhat.com/show_bug.cgi?id=1349063

https://bugzilla.redhat.com/show_bug.cgi?id=1349410

https://bugzilla.redhat.com/show_bug.cgi?id=1349414

https://bugzilla.redhat.com/show_bug.cgi?id=1349417

https://bugzilla.redhat.com/show_bug.cgi?id=1349418

https://bugzilla.redhat.com/show_bug.cgi?id=1349419

https://bugzilla.redhat.com/show_bug.cgi?id=1349421

https://bugzilla.redhat.com/show_bug.cgi?id=1349426

https://bugzilla.redhat.com/show_bug.cgi?id=1349427

https://bugzilla.redhat.com/show_bug.cgi?id=1349482

https://bugzilla.redhat.com/show_bug.cgi?id=1349624

https://bugzilla.redhat.com/show_bug.cgi?id=1349625

https://bugzilla.redhat.com/show_bug.cgi?id=1349626

https://bugzilla.redhat.com/show_bug.cgi?id=1349627

https://bugzilla.redhat.com/show_bug.cgi?id=1349628

https://bugzilla.redhat.com/show_bug.cgi?id=1349630

https://bugzilla.redhat.com/show_bug.cgi?id=1349631

https://bugzilla.redhat.com/show_bug.cgi?id=1349636

https://bugzilla.redhat.com/show_bug.cgi?id=1349637

https://bugzilla.redhat.com/show_bug.cgi?id=1349869

https://bugzilla.redhat.com/show_bug.cgi?id=1349876

https://bugzilla.redhat.com/show_bug.cgi?id=1349988

https://bugzilla.redhat.com/show_bug.cgi?id=1349989

https://bugzilla.redhat.com/show_bug.cgi?id=1350448

https://bugzilla.redhat.com/show_bug.cgi?id=1350449

https://bugzilla.redhat.com/show_bug.cgi?id=1350592

https://bugzilla.redhat.com/show_bug.cgi?id=1350593

https://bugzilla.redhat.com/show_bug.cgi?id=1350594

https://bugzilla.redhat.com/show_bug.cgi?id=1350842

https://bugzilla.redhat.com/show_bug.cgi?id=1350903

https://bugzilla.redhat.com/show_bug.cgi?id=1350904

https://bugzilla.redhat.com/show_bug.cgi?id=1350905

https://bugzilla.redhat.com/show_bug.cgi?id=1350906

https://bugzilla.redhat.com/show_bug.cgi?id=1351176

https://bugzilla.redhat.com/show_bug.cgi?id=1351177

https://bugzilla.redhat.com/show_bug.cgi?id=1351178

https://bugzilla.redhat.com/show_bug.cgi?id=1351669

https://bugzilla.redhat.com/show_bug.cgi?id=1351674

https://bugzilla.redhat.com/show_bug.cgi?id=1351678

https://bugzilla.redhat.com/show_bug.cgi?id=1351696

https://bugzilla.redhat.com/show_bug.cgi?id=1352011

https://bugzilla.redhat.com/show_bug.cgi?id=1352012

https://bugzilla.redhat.com/show_bug.cgi?id=1352014

https://bugzilla.redhat.com/show_bug.cgi?id=1352027

https://bugzilla.redhat.com/show_bug.cgi?id=1352134

https://bugzilla.redhat.com/show_bug.cgi?id=1353201

https://bugzilla.redhat.com/show_bug.cgi?id=1353228

https://bugzilla.redhat.com/show_bug.cgi?id=1353231

https://bugzilla.redhat.com/show_bug.cgi?id=1353233

https://bugzilla.redhat.com/show_bug.cgi?id=1353234

https://bugzilla.redhat.com/show_bug.cgi?id=1353235

https://bugzilla.redhat.com/show_bug.cgi?id=1353237

https://bugzilla.redhat.com/show_bug.cgi?id=1353239

https://bugzilla.redhat.com/show_bug.cgi?id=1353240

https://bugzilla.redhat.com/show_bug.cgi?id=1353243

https://bugzilla.redhat.com/show_bug.cgi?id=1353253

https://bugzilla.redhat.com/show_bug.cgi?id=1353255

https://bugzilla.redhat.com/show_bug.cgi?id=1353258

https://bugzilla.redhat.com/show_bug.cgi?id=1353260

https://bugzilla.redhat.com/show_bug.cgi?id=1353277

https://bugzilla.redhat.com/show_bug.cgi?id=1353279

https://bugzilla.redhat.com/show_bug.cgi?id=1353285

https://bugzilla.redhat.com/show_bug.cgi?id=1353287

https://bugzilla.redhat.com/show_bug.cgi?id=1353288

https://bugzilla.redhat.com/show_bug.cgi?id=1353290

https://bugzilla.redhat.com/show_bug.cgi?id=1353292

https://bugzilla.redhat.com/show_bug.cgi?id=1353294

https://bugzilla.redhat.com/show_bug.cgi?id=1353299

https://bugzilla.redhat.com/show_bug.cgi?id=1353300

https://bugzilla.redhat.com/show_bug.cgi?id=1353302

https://bugzilla.redhat.com/show_bug.cgi?id=1353308

https://bugzilla.redhat.com/show_bug.cgi?id=1353310

https://bugzilla.redhat.com/show_bug.cgi?id=1353323

https://bugzilla.redhat.com/show_bug.cgi?id=1353324

https://bugzilla.redhat.com/show_bug.cgi?id=1353326

https://bugzilla.redhat.com/show_bug.cgi?id=1353587

https://bugzilla.redhat.com/show_bug.cgi?id=1353646

https://bugzilla.redhat.com/show_bug.cgi?id=1353647

https://bugzilla.redhat.com/show_bug.cgi?id=1353651

https://bugzilla.redhat.com/show_bug.cgi?id=1353657

https://bugzilla.redhat.com/show_bug.cgi?id=1353717

https://bugzilla.redhat.com/show_bug.cgi?id=1353719

https://bugzilla.redhat.com/show_bug.cgi?id=1353722

https://bugzilla.redhat.com/show_bug.cgi?id=1353974

https://bugzilla.redhat.com/show_bug.cgi?id=1354562

https://bugzilla.redhat.com/show_bug.cgi?id=1355785

https://bugzilla.redhat.com/show_bug.cgi?id=1355786

https://bugzilla.redhat.com/show_bug.cgi?id=1355787

https://bugzilla.redhat.com/show_bug.cgi?id=1355788

https://bugzilla.redhat.com/show_bug.cgi?id=1355789

https://bugzilla.redhat.com/show_bug.cgi?id=1356133

https://bugzilla.redhat.com/show_bug.cgi?id=1356251

https://bugzilla.redhat.com/show_bug.cgi?id=1356256

https://bugzilla.redhat.com/show_bug.cgi?id=1356624

https://bugzilla.redhat.com/show_bug.cgi?id=1356647

https://bugzilla.redhat.com/show_bug.cgi?id=1356659

https://bugzilla.redhat.com/show_bug.cgi?id=1356703

https://bugzilla.redhat.com/show_bug.cgi?id=1356704

https://bugzilla.redhat.com/show_bug.cgi?id=1356705

https://bugzilla.redhat.com/show_bug.cgi?id=1356973

https://bugzilla.redhat.com/show_bug.cgi?id=1357519

https://bugzilla.redhat.com/show_bug.cgi?id=1357520

https://bugzilla.redhat.com/show_bug.cgi?id=1358037

https://bugzilla.redhat.com/show_bug.cgi?id=1358303

https://bugzilla.redhat.com/show_bug.cgi?id=1359075

https://bugzilla.redhat.com/show_bug.cgi?id=1359150

https://bugzilla.redhat.com/show_bug.cgi?id=1359155

https://bugzilla.redhat.com/show_bug.cgi?id=1359295

https://bugzilla.redhat.com/show_bug.cgi?id=1359785

https://bugzilla.redhat.com/show_bug.cgi?id=1359937

https://bugzilla.redhat.com/show_bug.cgi?id=1359966

https://bugzilla.redhat.com/show_bug.cgi?id=1360330

https://bugzilla.redhat.com/show_bug.cgi?id=1360364

https://bugzilla.redhat.com/show_bug.cgi?id=1360384

https://bugzilla.redhat.com/show_bug.cgi?id=1360772

https://bugzilla.redhat.com/show_bug.cgi?id=1360901

https://bugzilla.redhat.com/show_bug.cgi?id=1361189

https://bugzilla.redhat.com/show_bug.cgi?id=1361237

https://bugzilla.redhat.com/show_bug.cgi?id=1361308

https://bugzilla.redhat.com/show_bug.cgi?id=1361610

https://bugzilla.redhat.com/show_bug.cgi?id=1361844

https://bugzilla.redhat.com/show_bug.cgi?id=1362181

https://bugzilla.redhat.com/show_bug.cgi?id=1362228

https://bugzilla.redhat.com/show_bug.cgi?id=1362271

https://bugzilla.redhat.com/show_bug.cgi?id=1362654

https://bugzilla.redhat.com/show_bug.cgi?id=1363808

https://bugzilla.redhat.com/show_bug.cgi?id=1364061

https://bugzilla.redhat.com/show_bug.cgi?id=1364063

https://bugzilla.redhat.com/show_bug.cgi?id=1365907

https://bugzilla.redhat.com/show_bug.cgi?id=1366359

https://bugzilla.redhat.com/show_bug.cgi?id=1366360

http://www.nessus.org/u?7b57b2ab

https://access.redhat.com/errata/RHSA-2016:1634

Plugin Details

Severity: High

ID: 210188

File Name: redhat-RHSA-2016-1634.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/4/2024

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2016-5383

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:cfme-appliance, p-cpe:/a:redhat:enterprise_linux:cfme-gemset, p-cpe:/a:redhat:enterprise_linux:google-config, p-cpe:/a:redhat:enterprise_linux:google-compute-engine, p-cpe:/a:redhat:enterprise_linux:cfme

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 8/18/2016

Vulnerability Publication Date: 8/18/2016

Reference Information

CVE: CVE-2016-5383

CWE: 20

RHSA: 2016:1634