Description
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1196.html
Issue Tracking x_refsource_confirm
http://projects.theforeman.org/issues/2860
Patch x_refsource_confirm
http://theforeman.org/manuals/1.2/index.html#Releasenotesfor1.2.2
Scores
EPSS
0.0241
EPSS Percentile
82.2%
Details
CWE
CWE-20
Status
published
Products (3)
redhat/openstack
3.0
theforeman/foreman
1.2.0 (3 CPE variants)
theforeman/foreman
< 1.2.1
Published
Sep 16, 2013
Tracked Since
Feb 18, 2026