CVE-2018-10865

It has been discovered that redhat-certification does not perform an authorization check and allows an unauthenticated user to call a «restart» RPC method on any host accessible by the system. An attacker could use this flaw to send requests to port 8009 of any host or to keep restarting the RHCertD daemon on a host of another customer. This flaw affects redhat-certification version 7.




twitter facebook youtube