Red Hat Bugzilla – Bug 491365
CVE-2009-0788 rhn_satellite: Incorrect mod_rewrite rules (information disclosure, abuse as distributed DoS tool)
Last modified: 2013-04-04 17:50:15 EDT
A flaw was found in the way RHN Satellite rewrote certain URLs.
An unauthenticated user could use a specially-crafted HTTP
request to obtain sensitive information about the host system
RHN Satellite was running on. They could also use RHN Satellite
as a distributed denial of service tool, forcing it to connect
to an arbitrary service at an arbitrary IP address via a
specially-crafted HTTP request.
The preliminary embargo date for this issue has been set to
Monday, 9th of May, 2011.
(In reply to comment #25)
The preliminary embargo date for this issue has been moved to
an earlier date, Monday, 11th of April, 2011.
This issue has been addressed in the following products:
Red Hat Network Satellite Server v 5.3
Red Hat Network Satellite Server v 5.4
Via RHSA-2011:0434 https://rhn.redhat.com/errata/RHSA-2011-0434.html
Created spacewalk-backend tracking bugs for this issue
Affects: fedora-all [bug 695494]