CVE-2013-2056

Redhat Satellite - Authentication Bypass

Title source: rule

Description

The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.

References (3)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0848.html

[Vendor Advisory] http://secunia.com/advisories/53487

[Third Party Advisory, VDB Entry] http://www.osvdb.org/93566

Scores

EPSS 0.0033

EPSS Percentile 55.9%

Classification

CWE

CWE-287

Status draft

Affected Products (3)

redhat/satellite

Timeline

Published Jul 31, 2013

Tracked Since Feb 18, 2026