Red Hat Certification
By the Year
In 2024 there have been 0 vulnerabilities in Red Hat Certification. Certification did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 5 | 8.14 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 1 | 7.50 |
It may take a day or so for new Certification vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Certification Security Vulnerabilities
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents
CVE-2018-10868
7.5 - High
- May 26, 2021
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XMLRPC methods when getting the status of a host.
Resource Exhaustion
Files are accessible without restrictions from the /update/results page of redhat-certification 7 package
CVE-2018-10867
9.1 - Critical
- May 26, 2021
Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apache user.
Files or Directories Accessible to External Parties
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it
CVE-2018-10866
9.1 - Critical
- May 26, 2021
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is, an XML file with host-related information, not belonging to him.
AuthZ
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it
CVE-2018-10865
7.5 - High
- May 26, 2021
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him.
AuthZ
It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory
CVE-2018-10863
7.5 - High
- May 26, 2021
It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensitive information.
Files or Directories Accessible to External Parties
redhat-certification does not properly restrict files that can be downloaded through the /download page
CVE-2018-10869
7.5 - High
- July 19, 2018
redhat-certification does not properly restrict files that can be downloaded through the /download page. A remote attacker may download any file accessible by the user running httpd.
Files or Directories Accessible to External Parties