CVE-2019-10137 vulnerability in Red Hat Products
Published on July 2, 2019
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.
Weakness Type
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2019-10137 has been classified to as a Directory traversal vulnerability or weakness.
Products Associated with CVE-2019-10137
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-10137 are published in these products:
Affected Versions
spacewalkproject spacewalk-proxy Version spacewalk through 2.9 is affected by CVE-2019-10137Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.