CVE-2015-5152

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.
References
Link Resource
http://projects.theforeman.org/issues/11119 Mailing List Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1243571 Issue Tracking Mitigation Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:theforeman:foreman:1.1-1:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.3.0:rc1:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.3.0:rc2:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.3.0:rc3:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.3.0:rc4:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.6.0:rc2:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.8.0:rc3:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:theforeman:foreman:1.8.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-07-17 13:18

Updated : 2024-02-04 19:29


NVD link : CVE-2015-5152

Mitre link : CVE-2015-5152

CVE.ORG link : CVE-2015-5152


JSON object : View

Products Affected

theforeman

  • foreman
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor