CVE-2018-10865

CVE-2018-10865

It has been discovered that redhat-certification does not perform an authorization check and allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system. An attacker could use this flaw to send requests to port 8009 of any host or to keep restarting the RHCertD daemon on a host of another customer. This flaw affects redhat-certification version 7.

Source: CVE-2018-10865

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다