RHEL 7 : cfme, cfme-appliance, and cfme-gemset (RHSA-2017:0898)

medium Nessus Plugin ID 210211

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0898 advisory.

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* A number of unused delete routes are present in CloudForms that can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection, causing the routes to be used. This attack would require additional cross-site scripting or similar attacks in order to execute. (CVE-2017-2653)

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Technical Notes document linked to in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected cfme, cfme-appliance and/or cfme-gemset packages.

See Also

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1386342

https://bugzilla.redhat.com/show_bug.cgi?id=1393438

https://bugzilla.redhat.com/show_bug.cgi?id=1395722

https://bugzilla.redhat.com/show_bug.cgi?id=1395866

https://bugzilla.redhat.com/show_bug.cgi?id=1396237

https://bugzilla.redhat.com/show_bug.cgi?id=1396579

https://bugzilla.redhat.com/show_bug.cgi?id=1402995

https://bugzilla.redhat.com/show_bug.cgi?id=1411477

https://bugzilla.redhat.com/show_bug.cgi?id=1414003

https://bugzilla.redhat.com/show_bug.cgi?id=1416819

https://bugzilla.redhat.com/show_bug.cgi?id=1416827

https://bugzilla.redhat.com/show_bug.cgi?id=1416836

https://bugzilla.redhat.com/show_bug.cgi?id=1416894

https://bugzilla.redhat.com/show_bug.cgi?id=1417757

https://bugzilla.redhat.com/show_bug.cgi?id=1417762

https://bugzilla.redhat.com/show_bug.cgi?id=1417763

https://bugzilla.redhat.com/show_bug.cgi?id=1417779

https://bugzilla.redhat.com/show_bug.cgi?id=1418066

https://bugzilla.redhat.com/show_bug.cgi?id=1418221

https://bugzilla.redhat.com/show_bug.cgi?id=1418815

https://bugzilla.redhat.com/show_bug.cgi?id=1419603

https://bugzilla.redhat.com/show_bug.cgi?id=1419694

https://bugzilla.redhat.com/show_bug.cgi?id=1420284

https://bugzilla.redhat.com/show_bug.cgi?id=1420442

https://bugzilla.redhat.com/show_bug.cgi?id=1420467

https://bugzilla.redhat.com/show_bug.cgi?id=1421154

https://bugzilla.redhat.com/show_bug.cgi?id=1421158

https://bugzilla.redhat.com/show_bug.cgi?id=1421161

https://bugzilla.redhat.com/show_bug.cgi?id=1422647

https://bugzilla.redhat.com/show_bug.cgi?id=1422648

https://bugzilla.redhat.com/show_bug.cgi?id=1428079

https://bugzilla.redhat.com/show_bug.cgi?id=1428122

https://bugzilla.redhat.com/show_bug.cgi?id=1428124

https://bugzilla.redhat.com/show_bug.cgi?id=1428130

https://bugzilla.redhat.com/show_bug.cgi?id=1428131

https://bugzilla.redhat.com/show_bug.cgi?id=1428508

https://bugzilla.redhat.com/show_bug.cgi?id=1428509

https://bugzilla.redhat.com/show_bug.cgi?id=1428512

https://bugzilla.redhat.com/show_bug.cgi?id=1428579

https://bugzilla.redhat.com/show_bug.cgi?id=1428895

https://bugzilla.redhat.com/show_bug.cgi?id=1428897

https://bugzilla.redhat.com/show_bug.cgi?id=1428899

https://bugzilla.redhat.com/show_bug.cgi?id=1428900

https://bugzilla.redhat.com/show_bug.cgi?id=1431808

https://bugzilla.redhat.com/show_bug.cgi?id=1431842

https://bugzilla.redhat.com/show_bug.cgi?id=1422649

https://bugzilla.redhat.com/show_bug.cgi?id=1422650

https://bugzilla.redhat.com/show_bug.cgi?id=1422651

https://bugzilla.redhat.com/show_bug.cgi?id=1422652

https://bugzilla.redhat.com/show_bug.cgi?id=1422653

https://bugzilla.redhat.com/show_bug.cgi?id=1422654

https://bugzilla.redhat.com/show_bug.cgi?id=1422975

https://bugzilla.redhat.com/show_bug.cgi?id=1423032

https://bugzilla.redhat.com/show_bug.cgi?id=1423470

https://bugzilla.redhat.com/show_bug.cgi?id=1424255

https://bugzilla.redhat.com/show_bug.cgi?id=1425492

https://bugzilla.redhat.com/show_bug.cgi?id=1425494

https://bugzilla.redhat.com/show_bug.cgi?id=1425873

https://bugzilla.redhat.com/show_bug.cgi?id=1426433

https://bugzilla.redhat.com/show_bug.cgi?id=1426628

https://bugzilla.redhat.com/show_bug.cgi?id=1426638

https://bugzilla.redhat.com/show_bug.cgi?id=1426683

https://bugzilla.redhat.com/show_bug.cgi?id=1427168

https://bugzilla.redhat.com/show_bug.cgi?id=1427169

https://bugzilla.redhat.com/show_bug.cgi?id=1427172

https://bugzilla.redhat.com/show_bug.cgi?id=1427298

https://bugzilla.redhat.com/show_bug.cgi?id=1427299

https://bugzilla.redhat.com/show_bug.cgi?id=1427321

https://bugzilla.redhat.com/show_bug.cgi?id=1427520

https://bugzilla.redhat.com/show_bug.cgi?id=1427522

https://bugzilla.redhat.com/show_bug.cgi?id=1428903

https://bugzilla.redhat.com/show_bug.cgi?id=1428904

https://bugzilla.redhat.com/show_bug.cgi?id=1429648

https://bugzilla.redhat.com/show_bug.cgi?id=1429650

https://bugzilla.redhat.com/show_bug.cgi?id=1429652

https://bugzilla.redhat.com/show_bug.cgi?id=1429999

https://bugzilla.redhat.com/show_bug.cgi?id=1430088

https://bugzilla.redhat.com/show_bug.cgi?id=1430089

https://bugzilla.redhat.com/show_bug.cgi?id=1430439

https://bugzilla.redhat.com/show_bug.cgi?id=1430542

https://bugzilla.redhat.com/show_bug.cgi?id=1430835

https://bugzilla.redhat.com/show_bug.cgi?id=1430838

https://bugzilla.redhat.com/show_bug.cgi?id=1430937

https://bugzilla.redhat.com/show_bug.cgi?id=1431154

https://bugzilla.redhat.com/show_bug.cgi?id=1431162

https://bugzilla.redhat.com/show_bug.cgi?id=1432093

https://bugzilla.redhat.com/show_bug.cgi?id=1432098

https://bugzilla.redhat.com/show_bug.cgi?id=1432174

https://bugzilla.redhat.com/show_bug.cgi?id=1432463

https://bugzilla.redhat.com/show_bug.cgi?id=1432467

https://bugzilla.redhat.com/show_bug.cgi?id=1432639

https://bugzilla.redhat.com/show_bug.cgi?id=1432957

https://bugzilla.redhat.com/show_bug.cgi?id=1432960

https://bugzilla.redhat.com/show_bug.cgi?id=1432961

https://bugzilla.redhat.com/show_bug.cgi?id=1432962

https://bugzilla.redhat.com/show_bug.cgi?id=1433069

https://bugzilla.redhat.com/show_bug.cgi?id=1433089

https://bugzilla.redhat.com/show_bug.cgi?id=1433093

https://bugzilla.redhat.com/show_bug.cgi?id=1433094

https://bugzilla.redhat.com/show_bug.cgi?id=1433366

https://bugzilla.redhat.com/show_bug.cgi?id=1433435

https://bugzilla.redhat.com/show_bug.cgi?id=1433486

https://bugzilla.redhat.com/show_bug.cgi?id=1433500

https://bugzilla.redhat.com/show_bug.cgi?id=1433962

https://bugzilla.redhat.com/show_bug.cgi?id=1433974

https://bugzilla.redhat.com/show_bug.cgi?id=1433976

https://bugzilla.redhat.com/show_bug.cgi?id=1433979

https://bugzilla.redhat.com/show_bug.cgi?id=1433980

https://bugzilla.redhat.com/show_bug.cgi?id=1433981

https://bugzilla.redhat.com/show_bug.cgi?id=1434012

https://bugzilla.redhat.com/show_bug.cgi?id=1434096

https://bugzilla.redhat.com/show_bug.cgi?id=1434150

https://bugzilla.redhat.com/show_bug.cgi?id=1434151

https://bugzilla.redhat.com/show_bug.cgi?id=1434157

https://bugzilla.redhat.com/show_bug.cgi?id=1434158

https://bugzilla.redhat.com/show_bug.cgi?id=1431163

https://bugzilla.redhat.com/show_bug.cgi?id=1431164

https://bugzilla.redhat.com/show_bug.cgi?id=1431165

https://bugzilla.redhat.com/show_bug.cgi?id=1431166

https://bugzilla.redhat.com/show_bug.cgi?id=1431168

https://bugzilla.redhat.com/show_bug.cgi?id=1431620

https://bugzilla.redhat.com/show_bug.cgi?id=1431641

https://bugzilla.redhat.com/show_bug.cgi?id=1431727

https://bugzilla.redhat.com/show_bug.cgi?id=1434160

https://bugzilla.redhat.com/show_bug.cgi?id=1434172

https://bugzilla.redhat.com/show_bug.cgi?id=1434411

https://bugzilla.redhat.com/show_bug.cgi?id=1434428

https://bugzilla.redhat.com/show_bug.cgi?id=1434549

https://bugzilla.redhat.com/show_bug.cgi?id=1435278

https://bugzilla.redhat.com/show_bug.cgi?id=1436223

https://bugzilla.redhat.com/show_bug.cgi?id=1436340

https://bugzilla.redhat.com/show_bug.cgi?id=1436854

https://bugzilla.redhat.com/show_bug.cgi?id=1437560

https://bugzilla.redhat.com/show_bug.cgi?id=1438450

https://bugzilla.redhat.com/show_bug.cgi?id=1438888

https://bugzilla.redhat.com/show_bug.cgi?id=1439308

https://bugzilla.redhat.com/show_bug.cgi?id=1440405

https://bugzilla.redhat.com/show_bug.cgi?id=1440408

http://www.nessus.org/u?800def13

https://access.redhat.com/errata/RHSA-2017:0898

Plugin Details

Severity: Medium

ID: 210211

File Name: redhat-RHSA-2017-0898.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/4/2024

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2017-2653

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:cfme-appliance, p-cpe:/a:redhat:enterprise_linux:cfme-gemset, p-cpe:/a:redhat:enterprise_linux:cfme, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/12/2017

Vulnerability Publication Date: 3/14/2017

Reference Information

CVE: CVE-2017-2653

CWE: 20

RHSA: 2017:0898