Bug 491365 (CVE-2009-0788)

Summary: CVE-2009-0788 rhn_satellite: Incorrect mod_rewrite rules (information disclosure, abuse as distributed DoS tool)
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Jan Pazdziora (Red Hat) <jpazdziora>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: atangrin, bressers, cperry, jorton, jpazdziora, mjc, msuchy, security-response-team, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-04-04 21:50:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 548442, 548443, 548444, 647313, 695494    
Bug Blocks: 622406    

Description Jan Lieskovsky 2009-03-20 16:36:23 UTC 
A flaw was found in the way RHN Satellite rewrote certain URLs.
An unauthenticated user could use a specially-crafted HTTP
request to obtain sensitive information about the host system
RHN Satellite was running on. They could also use RHN Satellite
as a distributed denial of service tool, forcing it to connect
to an arbitrary service at an arbitrary IP address via a
specially-crafted HTTP request.
Comment 25 Jan Lieskovsky 2011-03-25 10:52:27 UTC 
The preliminary embargo date for this issue has been set up to
Monday, 9-th of May, 2011.
Comment 26 Jan Lieskovsky 2011-04-04 08:55:21 UTC 
(In reply to comment #25)
The preliminary embargo date for this issue has been moved to
earlier date, Monday, 11-th of April, 2011.
Comment 29 errata-xmlrpc 2011-04-11 20:24:48 UTC 
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.3
  Red Hat Network Satellite Server v 5.4

Via RHSA-2011:0434 https://rhn.redhat.com/errata/RHSA-2011-0434.html
Comment 30 Vincent Danen 2011-04-11 20:50:29 UTC 
Created spacewalk-backend tracking bugs for this issue

Affects: fedora-all [bug 695494]