CVE-2014-3691

Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.

Published: Mar 9, 2015
Updated: Apr 13, 2023
CVE: CVE-2014-3691
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
redhat / openstack	4.0	4.0.x
redhat / openstack	5.0	5.0.x
theforeman / foreman	-	1.5.3.x
theforeman / foreman	1.6.0	1.6.0.x
theforeman / foreman	1.6.1	1.6.1.x

http://projects.theforeman.org/issues/7822
http://rhn.redhat.com/errata/RHSA-2015-0287.html
http://rhn.redhat.com/errata/RHSA-2015-0288.html
https://github.com/theforeman/smart-proxy/pull/217
https://groups.google.com/forum/#%21topic/foreman-announce/jXC5ixybjqo

Vulnerability Database

289,599

CVE-2014-3691