CVE-2014-3602

Published: 13/11/2014 Updated: 13/02/2023
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Red Hat OpenShift Enterprise prior to 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.

Vulnerable Product

redhat openshift 2.1.2

redhat openshift 2.0.6

redhat openshift 2.1.5

redhat openshift 2.1

redhat openshift 2.0.5

redhat openshift 2.0.2

redhat openshift 2.1.1

redhat openshift 2.0.1

redhat openshift

redhat openshift 2.1.7

redhat openshift 2.1.4

redhat openshift 2.0.3

redhat openshift 2.1.3

redhat openshift 2.0.4

redhat openshift 2.1.6

redhat openshift 2.0

Vendor Advisories

It was found that OpenShift Enterprise did not restrict access to the /proc/net/tcp file in gears, which allowed local users to view all listening connections and connected sockets. This could result in a remote system's IP or port numbers in use being exposed, which may be useful for further targeted attacks ...
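
What the exposed file contains, shown as an added example (not code from Red Hat or from this page): a parser for the /proc/net/tcp table that reports sockets owned by a UID other than the caller's, which is the cross-gear visibility the advisory describes. The sample table, UIDs and function names are constructed; that each gear runs under its own UID and that the host is little-endian are assumptions.

```python
import socket
import struct
from typing import NamedTuple

# Subset of kernel TCP state codes as printed in the "st" column.
TCP_STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout (documentation address ranges).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20001 1 0000000000000000 100 0 0 10 0
   1: 0A0200C0:9C40 076433C6:1538 01 00000000:00000000 00:00000000 00000000  1002        0 20002 1 0000000000000000 20 4 30 10 -1
   2: 0A0200C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 20003 1 0000000000000000 100 0 0 10 0
"""

class Sock(NamedTuple):
    local: str
    remote: str
    state: str
    uid: int

def decode_endpoint(field: str) -> str:
    """Turn 'HEXIP:HEXPORT' into 'a.b.c.d:port' (IPv4, little-endian host assumed)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return f"{ip}:{int(port_hex, 16)}"

def parse_proc_net_tcp(text: str) -> list:
    """Parse every socket row; the first line is the column header."""
    socks = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:  # skip blank or truncated rows
            continue
        socks.append(Sock(decode_endpoint(f[1]), decode_endpoint(f[2]),
                          TCP_STATES.get(f[3], f[3]), int(f[7])))
    return socks

def foreign_sockets(text: str, my_uid: int) -> list:
    """Rows owned by another UID: visible here means the table is not restricted."""
    return [s for s in parse_proc_net_tcp(text) if s.uid != my_uid]

if __name__ == "__main__":
    # On a live host, pass open("/proc/net/tcp").read() and os.getuid() instead.
    for s in foreign_sockets(SAMPLE, my_uid=1001):
        print(f"uid {s.uid}: {s.local} -> {s.remote} [{s.state}]")
```

An empty result when run inside a gear against the live file means no other user's sockets are readable from there.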