Detections
Analytics
RHEL 7 : CFME 5.6.1 (RHSA-2016:1634)
high Nessus Plugin ID 210188
Synopsis
The remote Red Hat host is missing a security update.Description
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:1634 advisory.Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
Security Fix(es):
* It was found that the CloudForms web UI did not properly filter input in certain fields. A remote, authenticated attacker could use this flaw to execute arbitrary code on the system running CloudForms.
(CVE-2016-5383)
This issue was discovered by Eric Hayes (Red Hat).
Additional Changes:
This update also fixes several bugs and adds various enhancements.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://access.redhat.com/security/updates/classification/#important
http://www.nessus.org/u?ffb5d980
https://bugzilla.redhat.com/show_bug.cgi?id=1240443
https://bugzilla.redhat.com/show_bug.cgi?id=1255389
https://bugzilla.redhat.com/show_bug.cgi?id=1273404
https://bugzilla.redhat.com/show_bug.cgi?id=1278003
https://bugzilla.redhat.com/show_bug.cgi?id=1284084
https://bugzilla.redhat.com/show_bug.cgi?id=1295523
https://bugzilla.redhat.com/show_bug.cgi?id=1316842
https://bugzilla.redhat.com/show_bug.cgi?id=1335669
https://bugzilla.redhat.com/show_bug.cgi?id=1337676
https://bugzilla.redhat.com/show_bug.cgi?id=1338754
https://bugzilla.redhat.com/show_bug.cgi?id=1338957
https://bugzilla.redhat.com/show_bug.cgi?id=1340072
https://bugzilla.redhat.com/show_bug.cgi?id=1341665
https://bugzilla.redhat.com/show_bug.cgi?id=1341666
https://bugzilla.redhat.com/show_bug.cgi?id=1341667
https://bugzilla.redhat.com/show_bug.cgi?id=1341668
https://bugzilla.redhat.com/show_bug.cgi?id=1341669
https://bugzilla.redhat.com/show_bug.cgi?id=1341670
https://bugzilla.redhat.com/show_bug.cgi?id=1341671
https://bugzilla.redhat.com/show_bug.cgi?id=1342122
https://bugzilla.redhat.com/show_bug.cgi?id=1342220
https://bugzilla.redhat.com/show_bug.cgi?id=1342221
https://bugzilla.redhat.com/show_bug.cgi?id=1342222
https://bugzilla.redhat.com/show_bug.cgi?id=1343515
https://bugzilla.redhat.com/show_bug.cgi?id=1349410
https://bugzilla.redhat.com/show_bug.cgi?id=1349414
https://bugzilla.redhat.com/show_bug.cgi?id=1349417
https://bugzilla.redhat.com/show_bug.cgi?id=1349418
https://bugzilla.redhat.com/show_bug.cgi?id=1349419
https://bugzilla.redhat.com/show_bug.cgi?id=1349421
https://bugzilla.redhat.com/show_bug.cgi?id=1349426
https://bugzilla.redhat.com/show_bug.cgi?id=1349427
https://bugzilla.redhat.com/show_bug.cgi?id=1349482
https://bugzilla.redhat.com/show_bug.cgi?id=1349624
https://bugzilla.redhat.com/show_bug.cgi?id=1349625
https://bugzilla.redhat.com/show_bug.cgi?id=1349626
https://bugzilla.redhat.com/show_bug.cgi?id=1349627
https://bugzilla.redhat.com/show_bug.cgi?id=1349628
https://bugzilla.redhat.com/show_bug.cgi?id=1349630
https://bugzilla.redhat.com/show_bug.cgi?id=1349631
https://bugzilla.redhat.com/show_bug.cgi?id=1349636
https://bugzilla.redhat.com/show_bug.cgi?id=1349637
https://bugzilla.redhat.com/show_bug.cgi?id=1349869
https://bugzilla.redhat.com/show_bug.cgi?id=1349876
https://bugzilla.redhat.com/show_bug.cgi?id=1349988
https://bugzilla.redhat.com/show_bug.cgi?id=1349989
https://bugzilla.redhat.com/show_bug.cgi?id=1350448
https://bugzilla.redhat.com/show_bug.cgi?id=1350449
https://bugzilla.redhat.com/show_bug.cgi?id=1350592
https://bugzilla.redhat.com/show_bug.cgi?id=1350593
https://bugzilla.redhat.com/show_bug.cgi?id=1353234
https://bugzilla.redhat.com/show_bug.cgi?id=1353235
https://bugzilla.redhat.com/show_bug.cgi?id=1353237
https://bugzilla.redhat.com/show_bug.cgi?id=1353239
https://bugzilla.redhat.com/show_bug.cgi?id=1353240
https://bugzilla.redhat.com/show_bug.cgi?id=1353243
https://bugzilla.redhat.com/show_bug.cgi?id=1353253
https://bugzilla.redhat.com/show_bug.cgi?id=1353255
https://bugzilla.redhat.com/show_bug.cgi?id=1353258
https://bugzilla.redhat.com/show_bug.cgi?id=1353260
https://bugzilla.redhat.com/show_bug.cgi?id=1353277
https://bugzilla.redhat.com/show_bug.cgi?id=1353279
https://bugzilla.redhat.com/show_bug.cgi?id=1353285
https://bugzilla.redhat.com/show_bug.cgi?id=1353287
https://bugzilla.redhat.com/show_bug.cgi?id=1353288
https://bugzilla.redhat.com/show_bug.cgi?id=1353290
https://bugzilla.redhat.com/show_bug.cgi?id=1353292
https://bugzilla.redhat.com/show_bug.cgi?id=1353294
https://bugzilla.redhat.com/show_bug.cgi?id=1353299
https://bugzilla.redhat.com/show_bug.cgi?id=1353300
https://bugzilla.redhat.com/show_bug.cgi?id=1353302
https://bugzilla.redhat.com/show_bug.cgi?id=1353308
https://bugzilla.redhat.com/show_bug.cgi?id=1353310
https://bugzilla.redhat.com/show_bug.cgi?id=1353323
https://bugzilla.redhat.com/show_bug.cgi?id=1353324
https://bugzilla.redhat.com/show_bug.cgi?id=1353326
https://bugzilla.redhat.com/show_bug.cgi?id=1353587
https://bugzilla.redhat.com/show_bug.cgi?id=1353646
https://bugzilla.redhat.com/show_bug.cgi?id=1353647
https://bugzilla.redhat.com/show_bug.cgi?id=1353651
https://bugzilla.redhat.com/show_bug.cgi?id=1353657
https://bugzilla.redhat.com/show_bug.cgi?id=1353717
https://bugzilla.redhat.com/show_bug.cgi?id=1361237
https://bugzilla.redhat.com/show_bug.cgi?id=1361308
https://bugzilla.redhat.com/show_bug.cgi?id=1361610
https://bugzilla.redhat.com/show_bug.cgi?id=1361844
https://bugzilla.redhat.com/show_bug.cgi?id=1362181
https://bugzilla.redhat.com/show_bug.cgi?id=1362228
https://bugzilla.redhat.com/show_bug.cgi?id=1362271
https://bugzilla.redhat.com/show_bug.cgi?id=1362654
https://bugzilla.redhat.com/show_bug.cgi?id=1363808
https://bugzilla.redhat.com/show_bug.cgi?id=1364061
https://bugzilla.redhat.com/show_bug.cgi?id=1364063
https://bugzilla.redhat.com/show_bug.cgi?id=1365907
https://bugzilla.redhat.com/show_bug.cgi?id=1366359
https://bugzilla.redhat.com/show_bug.cgi?id=1366360
http://www.nessus.org/u?7b57b2ab
https://access.redhat.com/errata/RHSA-2016:1634
https://bugzilla.redhat.com/show_bug.cgi?id=1343720
https://bugzilla.redhat.com/show_bug.cgi?id=1343721
https://bugzilla.redhat.com/show_bug.cgi?id=1343723
https://bugzilla.redhat.com/show_bug.cgi?id=1344050
https://bugzilla.redhat.com/show_bug.cgi?id=1344327
https://bugzilla.redhat.com/show_bug.cgi?id=1344328
https://bugzilla.redhat.com/show_bug.cgi?id=1344329
https://bugzilla.redhat.com/show_bug.cgi?id=1344330
https://bugzilla.redhat.com/show_bug.cgi?id=1344331
https://bugzilla.redhat.com/show_bug.cgi?id=1346036
https://bugzilla.redhat.com/show_bug.cgi?id=1346037
https://bugzilla.redhat.com/show_bug.cgi?id=1346057
https://bugzilla.redhat.com/show_bug.cgi?id=1346312
https://bugzilla.redhat.com/show_bug.cgi?id=1346443
https://bugzilla.redhat.com/show_bug.cgi?id=1346909
https://bugzilla.redhat.com/show_bug.cgi?id=1346951
https://bugzilla.redhat.com/show_bug.cgi?id=1346956
https://bugzilla.redhat.com/show_bug.cgi?id=1346968
https://bugzilla.redhat.com/show_bug.cgi?id=1346991
https://bugzilla.redhat.com/show_bug.cgi?id=1347018
https://bugzilla.redhat.com/show_bug.cgi?id=1347695
https://bugzilla.redhat.com/show_bug.cgi?id=1348221
https://bugzilla.redhat.com/show_bug.cgi?id=1348630
https://bugzilla.redhat.com/show_bug.cgi?id=1348632
https://bugzilla.redhat.com/show_bug.cgi?id=1348636
https://bugzilla.redhat.com/show_bug.cgi?id=1348638
https://bugzilla.redhat.com/show_bug.cgi?id=1348645
https://bugzilla.redhat.com/show_bug.cgi?id=1348650
https://bugzilla.redhat.com/show_bug.cgi?id=1348651
https://bugzilla.redhat.com/show_bug.cgi?id=1348989
https://bugzilla.redhat.com/show_bug.cgi?id=1349060
https://bugzilla.redhat.com/show_bug.cgi?id=1349061
https://bugzilla.redhat.com/show_bug.cgi?id=1349062
https://bugzilla.redhat.com/show_bug.cgi?id=1349063
https://bugzilla.redhat.com/show_bug.cgi?id=1350594
https://bugzilla.redhat.com/show_bug.cgi?id=1350842
https://bugzilla.redhat.com/show_bug.cgi?id=1350903
https://bugzilla.redhat.com/show_bug.cgi?id=1350904
https://bugzilla.redhat.com/show_bug.cgi?id=1350905
https://bugzilla.redhat.com/show_bug.cgi?id=1350906
https://bugzilla.redhat.com/show_bug.cgi?id=1351176
https://bugzilla.redhat.com/show_bug.cgi?id=1351177
https://bugzilla.redhat.com/show_bug.cgi?id=1351178
https://bugzilla.redhat.com/show_bug.cgi?id=1351669
https://bugzilla.redhat.com/show_bug.cgi?id=1351674
https://bugzilla.redhat.com/show_bug.cgi?id=1351678
https://bugzilla.redhat.com/show_bug.cgi?id=1351696
https://bugzilla.redhat.com/show_bug.cgi?id=1352011
https://bugzilla.redhat.com/show_bug.cgi?id=1352012
https://bugzilla.redhat.com/show_bug.cgi?id=1352014
https://bugzilla.redhat.com/show_bug.cgi?id=1352027
https://bugzilla.redhat.com/show_bug.cgi?id=1352134
https://bugzilla.redhat.com/show_bug.cgi?id=1353201
https://bugzilla.redhat.com/show_bug.cgi?id=1353228
https://bugzilla.redhat.com/show_bug.cgi?id=1353231
https://bugzilla.redhat.com/show_bug.cgi?id=1353233
https://bugzilla.redhat.com/show_bug.cgi?id=1353719
https://bugzilla.redhat.com/show_bug.cgi?id=1353722
https://bugzilla.redhat.com/show_bug.cgi?id=1353974
https://bugzilla.redhat.com/show_bug.cgi?id=1354562
https://bugzilla.redhat.com/show_bug.cgi?id=1355785
https://bugzilla.redhat.com/show_bug.cgi?id=1355786
https://bugzilla.redhat.com/show_bug.cgi?id=1355787
https://bugzilla.redhat.com/show_bug.cgi?id=1355788
https://bugzilla.redhat.com/show_bug.cgi?id=1355789
https://bugzilla.redhat.com/show_bug.cgi?id=1356133
https://bugzilla.redhat.com/show_bug.cgi?id=1356251
https://bugzilla.redhat.com/show_bug.cgi?id=1356256
https://bugzilla.redhat.com/show_bug.cgi?id=1356624
https://bugzilla.redhat.com/show_bug.cgi?id=1356647
https://bugzilla.redhat.com/show_bug.cgi?id=1356659
https://bugzilla.redhat.com/show_bug.cgi?id=1356703
https://bugzilla.redhat.com/show_bug.cgi?id=1356704
https://bugzilla.redhat.com/show_bug.cgi?id=1356705
https://bugzilla.redhat.com/show_bug.cgi?id=1356973
https://bugzilla.redhat.com/show_bug.cgi?id=1357519
https://bugzilla.redhat.com/show_bug.cgi?id=1357520
https://bugzilla.redhat.com/show_bug.cgi?id=1358037
https://bugzilla.redhat.com/show_bug.cgi?id=1358303
https://bugzilla.redhat.com/show_bug.cgi?id=1359075
https://bugzilla.redhat.com/show_bug.cgi?id=1359150
https://bugzilla.redhat.com/show_bug.cgi?id=1359155
https://bugzilla.redhat.com/show_bug.cgi?id=1359295
https://bugzilla.redhat.com/show_bug.cgi?id=1359785
https://bugzilla.redhat.com/show_bug.cgi?id=1359937
https://bugzilla.redhat.com/show_bug.cgi?id=1359966
https://bugzilla.redhat.com/show_bug.cgi?id=1360330
https://bugzilla.redhat.com/show_bug.cgi?id=1360364
https://bugzilla.redhat.com/show_bug.cgi?id=1360384
https://bugzilla.redhat.com/show_bug.cgi?id=1360772
Plugin Details
Severity: High
ID: 210188
File Name: redhat-RHSA-2016-1634.nasl
Version: 1.1
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 11/4/2024
Updated: 11/4/2024
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
Vendor
Vendor Severity: Important
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 4.8
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS Score Source: CVE-2016-5383
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:cfme-appliance, p-cpe:/a:redhat:enterprise_linux:cfme-gemset, p-cpe:/a:redhat:enterprise_linux:google-config, p-cpe:/a:redhat:enterprise_linux:google-compute-engine, p-cpe:/a:redhat:enterprise_linux:cfme
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 8/18/2016
Vulnerability Publication Date: 8/18/2016
Reference Information
CVE: CVE-2016-5383