CRLF Injection Vulnerability in Red Hat CloudForms Management Engine
CVE-2017-7528

5.2MEDIUM

Key Information:

Vendor: Red Hat
Status: Ansible Tower
Vendor: CVE Published:; 22 August 2018

Summary

The Ansible Tower component within the Red Hat CloudForms Management Engine 5 is susceptible to a CRLF injection vulnerability through the X-Forwarded-For header. This flaw enables internal servers to initiate the deployment of unauthorized systems via callback mechanisms, raising significant security concerns. Organizations using this software must take immediate measures to mitigate the risk associated with this vulnerability to protect their infrastructure from potential exploitation.

Affected Version(s)

Ansible Tower As shipped with Red Hat CloudForms Management Engine 5

References

http://www.securityfocus.com/bid/105143

vdb-entryx_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7528

x_refsource_CONFIRM

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 22, 2018
Vulnerability Reserved
Apr 5, 2017