Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-15086

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-08 Nov, 2017 | 19:00
Updated At-05 Aug, 2024 | 19:42
Rejected At-
Credits

It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:08 Nov, 2017 | 19:00
Updated At:05 Aug, 2024 | 19:42
Rejected At:
▼CVE Numbering Authority (CNA)

It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

Affected Products
Vendor
Red Hat, Inc.Red Hat, Inc.
Product
Gluster Storage for RHEL 6
Versions
Affected
  • 3.3
Problem Types
TypeCWE IDDescription
CWECWE-300CWE-300
Type: CWE
CWE ID: CWE-300
Description: CWE-300
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/101555
vdb-entry
x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:3110
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/101555
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3110
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/101555
vdb-entry
x_refsource_BID
x_transferred
https://access.redhat.com/errata/RHSA-2017:3110
vendor-advisory
x_refsource_REDHAT
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/101555
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3110
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:08 Nov, 2017 | 19:29
Updated At:20 Apr, 2025 | 01:37

It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.4HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 3.0
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches
Red Hat, Inc.
redhat
>>gluster_storage>>3.3
cpe:2.3:a:redhat:gluster_storage:3.3:*:*:*:*:*:*:*
Red Hat, Inc.
redhat
>>enterprise_linux>>6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-300Primarysecalert@redhat.com
NVD-CWE-noinfoSecondarynvd@nist.gov
CWE ID: CWE-300
Type: Primary
Source: secalert@redhat.com
CWE ID: NVD-CWE-noinfo
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/101555secalert@redhat.com
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:3110secalert@redhat.com
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086secalert@redhat.com
Issue Tracking
Vendor Advisory
http://www.securityfocus.com/bid/101555af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:3110af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/101555
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3110
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086
Source: secalert@redhat.com
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/101555
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://access.redhat.com/errata/RHSA-2017:3110
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15086
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

64Records found
CVE-2018-14658
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.54%
||
7 Day CHG~0.00%
Published-13 Nov, 2018 | 19:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack

Action-Not Available
Vendor-Red Hat, Inc.
Product-keycloakkeycloak
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-12386
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-41.66% / 97.32%
||
7 Day CHG~0.00%
Published-18 Oct, 2018 | 13:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR < 60.2.2 and Firefox < 62.0.3.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopFirefoxFirefox ESR
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2018-1067
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.62% / 69.16%
||
7 Day CHG~0.00%
Published-21 May, 2018 | 17:00
Updated-05 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-jboss_enterprise_application_platformundertowvirtualization_hostenterprise_linuxundertow
CWE ID-CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CVE-2017-7513
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.35%
||
7 Day CHG~0.00%
Published-22 Aug, 2018 | 15:00
Updated-05 Aug, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.

Action-Not Available
Vendor-Red Hat, Inc.
Product-satelliteRed Hat Satellite
CWE ID-CWE-295
Improper Certificate Validation
CVE-2017-7807
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.82% / 73.45%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverdebian_linuxthunderbirdenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktopThunderbirdFirefox ESRFirefox
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7559
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.13% / 77.41%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 15:00
Updated-16 Sep, 2024 | 19:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.

Action-Not Available
Vendor-Red Hat, Inc.
Product-undertowundertow
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2017-15085
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.45% / 62.74%
||
7 Day CHG~0.00%
Published-08 Nov, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.

Action-Not Available
Vendor-Red Hat, Inc.
Product-gluster_storageenterprise_linuxGluster Storage for RHEL 6
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CVE-2020-10749
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6||MEDIUM
EPSS-3.60% / 87.31%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 13:45
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.

Action-Not Available
Vendor-Red Hat, Inc.Fedora ProjectThe Linux Foundation
Product-cni_network_pluginsopenshift_container_platformfedoraenterprise_linuxcontainernetworking/plugins
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CVE-2017-7480
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.29% / 84.06%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution.

Action-Not Available
Vendor-rootkit_hunter_projectRed Hat, Inc.
Product-rootkit_hunterrkhunter
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CVE-2017-12735
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.4||HIGH
EPSS-0.24% / 47.19%
||
7 Day CHG~0.00%
Published-30 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between the LOGO! BM and other devices could potentially decrypt and modify network traffic.

Action-Not Available
Vendor-Siemens AG
Product-logo\!_8_bm_firmwarelogo\!LOGO! 8 BM (incl. SIPLUS variants)
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CVE-2019-0054
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 24.56%
||
7 Day CHG~0.00%
Published-09 Oct, 2019 | 19:26
Updated-17 Sep, 2024 | 00:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: SRX Series: An attacker may be able to perform Man-in-the-Middle (MitM) attacks during app-id signature updates.

An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows an attacker to perform Man-in-the-Middle (MitM) attacks which may compromise the integrity and confidentiality of the device. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D120 on SRX Series devices. No other versions of Junos OS are affected.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-srx345srx5800srx110srx4200srx340srx550_hmsrx4100srx220srx240srx3600vsrxsrx5400srx1400srx100srx3400srx300srx550srx320srx5600junossrx650srx210srx4600csrxsrx1500Junos OS
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CVE-2022-22156
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 30.91%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 00:20
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: Certificate validation is skipped when fetching system scripts from a HTTPS URL

An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The following command can be executed by an administrator via the CLI to refresh a script from a remote location, which is affected from this vulnerability: >request system scripts refresh-from (commit | event | extension-service | op | snmp) file filename url <https-url> This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R1-S1, 21.1R2.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junosJunos OS
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CVE-2017-9941
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.4||HIGH
EPSS-0.19% / 41.54%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between the SiPass integrated server and SiPass integrated clients to read or modify the network communication.

Action-Not Available
Vendor-n/aSiemens AG
Product-sipass_integratedSiPass integrated All versions before V2.70
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CVE-2017-6870
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.4||HIGH
EPSS-0.24% / 47.19%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack.

Action-Not Available
Vendor-n/aSiemens AG
Product-simatic_wincc_sm\@rtclientSIMATIC WinCC Sm@rtClient for Android
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
  • Previous
  • 1
  • 2
  • Next
Details not found