Red Hat Certification

By the Year

In 2022 there have been 0 vulnerabilities in Red Hat Certification. Last year Certification had 5 security vulnerabilities published. Right now, Certification is on track to have fewer security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 5 8.14
2020 0 0.00
2019 0 0.00
2018 1 7.50

It may take a day or so for new Certification vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Certification Security Vulnerabilities

CVE-2018-10868 7.5 - High - May 26, 2021

It has been discovered that redhat-certification does not properly limit the number of recursive definitions of entities in XML documents while parsing the status of a host. A remote attacker could use this vulnerability to consume all the memory of the server and cause a Denial of Service. This flaw affects redhat-certification version 7.

Resource Exhaustion

It has been discovered that redhat-certification does not restrict file access in the /update/results page

CVE-2018-10867 9.1 - Critical - May 26, 2021

It has been discovered that redhat-certification does not restrict file access in the /update/results page. A remote attacker could use this vulnerability to remove any file accessible by the user running httpd. This flaw affects redhat-certification version 7.

Files or Directories Accessible to External Parties

CVE-2018-10866 9.1 - Critical - May 26, 2021

It has been discovered that redhat-certification does not perform an authorization check and allows an unauthenticated user to remove a "system" file (an XML file with host-related information) that does not belong to them. This flaw affects redhat-certification version 7.

AuthZ

CVE-2018-10865 7.5 - High - May 26, 2021

It has been discovered that redhat-certification does not perform an authorization check and allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system. An attacker could use this flaw to send requests to port 8009 of any host or to keep restarting the RHCertD daemon on a host of another customer. This flaw affects redhat-certification version 7.

AuthZ

CVE-2018-10863 7.5 - High - May 26, 2021

It has been discovered that redhat-certification is not properly configured and lists all files and directories in the /var/www/rhcert/store/transfer directory through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensitive information. This flaw affects redhat-certification version 7.

Files or Directories Accessible to External Parties

redhat-certification does not properly restrict files that can be downloaded through the /download page

CVE-2018-10869 7.5 - High - July 19, 2018

redhat-certification does not properly restrict files that can be downloaded through the /download page. A remote attacker may download any file accessible by the user running httpd.

Incorrect Permission Assignment for Critical Resource
