CVE-2012-1145
Red Hat Satellite 5.4 - Unauthenticated Denial of Service via Package Upload
Title source: llmDescription
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.
References (6)
Core 6
Core References
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/81481
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1026873
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/52832
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74498
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48664
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0436.html
Scores
EPSS
0.0302
EPSS Percentile
85.8%
Details
CWE
CWE-287
Status
published
Products (1)
redhat/satellite
5.4
Published
Jun 16, 2012
Tracked Since
Feb 18, 2026