    Information Disclosure Vulnerability in RHEVM

    Severity Rating: Medium

    Systems Affected

    • Red Hat Enterprise Virtualization 3.4

    Overview

    A vulnerability has been reported in Red Hat Enterprise Virtualization Manager which could be exploited by a remote authenticated attacker to access files on the target system.

    Description

    This vulnerability exists because the ovirt-engine REST API resolves entities declared in XML API calls. A remote attacker holding credentials valid for the REST API could exploit it by supplying specially crafted XML External Entity (XXE) data to the ovirt-engine REST API and thereby read files accessible to the user account running the ovirt-engine JBoss server.

    Solution

    Install the updated software referenced by the vendor:
    https://rhn.redhat.com/errata/RHSA-2014-0814.html

    Vendor Information
    Red Hat
    https://rhn.redhat.com/errata/RHSA-2014-0814.html

    References
    SecurityTracker
    http://securitytracker.com/id/1030501
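The flaw described above is an XML parser that honours entity declarations in request bodies. The following is an added example, not code from the advisory or from ovirt-engine, of the defensive policy that closes this class of bug: refuse any DOCTYPE, entity declaration or external reference before the application parser touches the document (the same policy a Java/JAXP parser expresses with its disallow-doctype-decl feature). The `<vm>` request bodies are constructed samples.

```python
"""Pre-parse guard for XML API request bodies: no DTD, no entities, no external references."""
import xml.etree.ElementTree as ET
from typing import Optional
from xml.parsers import expat


class RejectedXml(ValueError):
    """Raised when a request body declares a DTD, an entity or an external reference."""


def dtd_violation(xml_bytes: bytes) -> Optional[str]:
    """Return the reason the body must be rejected, or None if it is plain XML.

    expat is run with parameter-entity parsing disabled, so the scanner itself never
    fetches anything; the handlers fire on the declaration alone and abort the parse.
    """
    parser = expat.ParserCreate()
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise RejectedXml(f"DOCTYPE declared for root {name!r}")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise RejectedXml(f"entity {name!r} declared (system id {sysid!r})")

    def on_external_ref(context, base, sysid, pubid):
        raise RejectedXml(f"external entity reference to {sysid!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(xml_bytes, True)
    except RejectedXml as exc:
        return str(exc)
    except expat.ExpatError as exc:
        return f"malformed XML: {exc}"
    return None


def parse_api_body(xml_bytes: bytes) -> ET.Element:
    """Parse a REST request body only after the DTD guard has passed."""
    reason = dtd_violation(xml_bytes)
    if reason is not None:
        raise RejectedXml(reason)
    return ET.fromstring(xml_bytes)


# Constructed sample bodies modelled on an oVirt-style <vm> resource (not from the advisory).
BENIGN_BODY = b"<vm><name>web01</name><cluster><name>Default</name></cluster></vm>"
XXE_BODY = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE vm [<!ENTITY ext SYSTEM "file:///placeholder/path">]>'
            b"<vm><name>&ext;</name></vm>")
```

Applied as a filter in front of the API parser, `dtd_violation` rejects the crafted body at its DOCTYPE, before any entity could be resolved, while the benign body passes through to `parse_api_body` unchanged.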