CVE-2017-7528 is a vulnerability in Red Hat Ansible Tower
Published on August 22, 2018

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that the X-Forwarded-For header allows internal servers to deploy other systems (using callback).

NVD

Weakness Type

What is an HTTP Response Splitting Vulnerability?

The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

CVE-2017-7528 has been classified as an HTTP Response Splitting vulnerability or weakness.


Products Associated with CVE-2017-7528


Affected Versions

Red Hat Ansible Tower, version as shipped with Red Hat CloudForms Management Engine 5, is affected by CVE-2017-7528.

Exploit Probability

EPSS: 0.14%
Percentile: 34.52%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.