Foreman after 1.1 and prior to 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote malicious users to obtain user credentials via a man-in-the-middle attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
theforeman foreman 1.4.1 |
||
theforeman foreman 1.3.0 |
||
theforeman foreman 1.4.3 |
||
theforeman foreman 1.2.2 |
||
theforeman foreman 1.4.0 |
||
theforeman foreman 1.2.1 |
||
theforeman foreman 1.8.0 |
||
theforeman foreman 1.7.4 |
||
theforeman foreman 1.7.5 |
||
theforeman foreman 1.7.0 |
||
theforeman foreman 1.4.2 |
||
theforeman foreman 1.8.1 |
||
theforeman foreman 1.5.0 |
||
theforeman foreman 1.2.0 |
||
theforeman foreman 1.5.2 |
||
theforeman foreman 1.5.3 |
||
theforeman foreman 1.2.3 |
||
theforeman foreman 1.1-1 |
||
theforeman foreman 1.6.0 |
||
theforeman foreman 1.8.3 |
||
theforeman foreman 1.7.1 |
||
theforeman foreman 1.5.1 |
||
theforeman foreman 1.8.2 |
||
theforeman foreman 1.6.1 |
||
theforeman foreman 1.4.5 |
||
theforeman foreman 1.4.4 |
||
theforeman foreman 1.7.2 |
||
theforeman foreman 1.3.1 |
||
theforeman foreman 1.3.2 |
||
theforeman foreman 1.7.3 |