CVE-2017-7528

MEDIUM

Ansible Tower - CRLF Injection

Title source: llm

Description

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback).

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105143

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7528

Scores

CVSS v3 5.2

EPSS 0.0014

EPSS Percentile 34.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N

Details

CWE

CWE-113 CWE-93

Status published

Products (2)

redhat/ansible_tower

redhat/cloudforms_management_engine 5.0

Published Aug 22, 2018

Tracked Since Feb 18, 2026