CVE-2017-7513

MEDIUM

Satellite 5 - SSL/TLS Certificate Spoofing

Title source: llm

Description

It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.

References (2)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7513

Scores

CVSS v3 5.4
EPSS 0.0048
EPSS Percentile 37.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Details

CWE
CWE-295
Status published
Products (10)
redhat/satellite 5.0
redhat/satellite 5.1.1
redhat/satellite 5.2
redhat/satellite 5.3
redhat/satellite 5.4
redhat/satellite 5.4.1
redhat/satellite 5.5
redhat/satellite 5.6
redhat/satellite 5.7
redhat/satellite 5.8
Published Aug 22, 2018
Tracked Since Feb 18, 2026