Vulnerabilities > CVE-2018-10864 - Unspecified vulnerability in Redhat Certification
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 1 |
Nessus
| NASL family | Red Hat Local Security Checks |
| NASL id | REDHAT-RHSA-2018-2373.NASL |
| description | An update for redhat-certification is now available for Red Hat Certification for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-certification package provides partners with a unified web-based user interface to certify their products for use on Red Hat Infrastructure. It can currently be used in the latest releases of Red Hat Certified Cloud and Service Provider Certification, Red Hat OpenStack Certification and Red Hat Hardware Certification Programs. Security Fix(es) : * redhat-certification: rhcertStore.py:__saveResultsFile allows to write any file (CVE-2018-10870) * redhat-certification: /download allows to download any file (CVE-2018-10869) * redhat-certification: resource consumption in DocumentBase:loadFiltered (CVE-2018-10864) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. These issues were discovered by Riccardo Schirone (Red Hat Product Security). |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 111774 |
| published | 2018-08-16 |
| reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/111774 |
| title | RHEL 7 : redhat-certification (RHSA-2018:2373) |
Redhat
| advisories |
| ||||
| rpms |
|