CVE-2014-8162
Satellite5: RPC API XML External Entities file disclosure
Descriptions
XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.
It was found that the RPC interface in Satellite would resolve external entities, allowing an attacker to conduct XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the Satellite server, and potentially perform other more advanced XXE attacks.
Timeline
- 2014-10-10 CVE Reserved
- 2015-05-11 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/74595 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html | 2023-02-13 | |
http://rhn.redhat.com/errata/RHSA-2015-0957.html | 2023-02-13 | |
https://access.redhat.com/security/cve/CVE-2014-8162 | 2015-05-11 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1187339 | 2015-05-11 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Network Satellite | <= 5.7 | - | Affected |
Suse | Manager | 1.7 | - | Affected |