RHEL 7: Satellite Server (RHSA-2015:1591)

Medium Nessus Plugin ID 85715

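Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Red Hat Satellite 6.1 is now available for Red Hat Enterprise Linux 7.

Red Hat Satellite is a system management tool for Linux-based infrastructure. It allows provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. The solution performs the setup and configuration management of predefined standard operating environments.

This update provides Satellite 6.1 packages for Red Hat Enterprise Linux 7. For the full list of new features provided by Satellite 6.1, see the Release Notes linked in the References section. (BZ#1201357)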

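It was discovered that in Foreman the edit_users permission (for example, as granted to the Manager role) allowed a user to edit the admin user's password. An attacker with the edit_users permission could use this flaw to access the admin user account, leading to an escalation of privileges. (CVE-2015-3235)

It was found that Foreman did not set the HttpOnly flag on session cookies. This could allow a malicious script to access the session cookie. (CVE-2015-3155)

It was found that when making an SSL connection to an LDAP authentication source in Foreman, the remote server certificate was accepted without any verification against known certificate authorities, potentially making TLS connections vulnerable to man-in-the-middle attacks. (CVE-2015-1816)

A flaw was found in the way Foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access. (CVE-2015-1844)

A cross-site scripting (XSS) flaw was found in Foreman's template preview screen. A remote attacker could use this flaw to perform cross-site scripting attacks by tricking a user into viewing a malicious template. Note that templates are commonly shared among users. (CVE-2014-3653)

It was found that python-oauth2 did not properly verify the nonce of a signed URL. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website. (CVE-2013-4346)

It was found that python-oauth2 did not properly generate random values for use in nonces. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website. (CVE-2013-4347)

Red Hat would like to thank Rufus Järnefelt of Coresec for reporting the Foreman HttpOnly issue.

All users who require Satellite 6.1 are advised to install these new packages.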

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2015:1591

https://access.redhat.com/security/cve/cve-2013-4346

https://access.redhat.com/security/cve/cve-2013-4347

https://access.redhat.com/security/cve/cve-2014-3653

https://access.redhat.com/security/cve/cve-2015-1816

https://access.redhat.com/security/cve/cve-2015-1844

https://access.redhat.com/security/cve/cve-2015-3155

https://access.redhat.com/security/cve/cve-2015-3235

Plugin Details

Severity: Medium

ID: 85715

File Name: redhat-RHSA-2015-1591.nasl

Version: 2.9

Type: local

Agent: unix

Published: 2015/9/1

Updated: 2019/10/24

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:aether-api, p-cpe:/a:redhat:enterprise_linux:aether-connector-wagon, p-cpe:/a:redhat:enterprise_linux:aether-impl, p-cpe:/a:redhat:enterprise_linux:aether-spi, p-cpe:/a:redhat:enterprise_linux:aether-util, p-cpe:/a:redhat:enterprise_linux:ant-junit, p-cpe:/a:redhat:enterprise_linux:aopalliance, p-cpe:/a:redhat:enterprise_linux:apache-commons-codec-eap6, p-cpe:/a:redhat:enterprise_linux:apache-commons-net, p-cpe:/a:redhat:enterprise_linux:apache-ivy, p-cpe:/a:redhat:enterprise_linux:apache-mime4j, p-cpe:/a:redhat:enterprise_linux:apache-parent, p-cpe:/a:redhat:enterprise_linux:apache-resource-bundles, p-cpe:/a:redhat:enterprise_linux:atinject, p-cpe:/a:redhat:enterprise_linux:bouncycastle, p-cpe:/a:redhat:enterprise_linux:bsf, p-cpe:/a:redhat:enterprise_linux:c3p0, p-cpe:/a:redhat:enterprise_linux:candlepin, p-cpe:/a:redhat:enterprise_linux:candlepin-common, p-cpe:/a:redhat:enterprise_linux:candlepin-guice, p-cpe:/a:redhat:enterprise_linux:candlepin-scl, p-cpe:/a:redhat:enterprise_linux:candlepin-scl-quartz, p-cpe:/a:redhat:enterprise_linux:candlepin-scl-rhino, p-cpe:/a:redhat:enterprise_linux:candlepin-scl-runtime, p-cpe:/a:redhat:enterprise_linux:candlepin-selinux, p-cpe:/a:redhat:enterprise_linux:candlepin-tomcat, p-cpe:/a:redhat:enterprise_linux:cdi-api, p-cpe:/a:redhat:enterprise_linux:cglib, p-cpe:/a:redhat:enterprise_linux:createrepo_c, p-cpe:/a:redhat:enterprise_linux:createrepo_c-debuginfo, p-cpe:/a:redhat:enterprise_linux:createrepo_c-libs, p-cpe:/a:redhat:enterprise_linux:elasticsearch, p-cpe:/a:redhat:enterprise_linux:facter, p-cpe:/a:redhat:enterprise_linux:facter-debuginfo, p-cpe:/a:redhat:enterprise_linux:fasterxml-oss-parent, p-cpe:/a:redhat:enterprise_linux:felix-framework, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:foreman-compute, p-cpe:/a:redhat:enterprise_linux:foreman-debug, p-cpe:/a:redhat:enterprise_linux:foreman-discovery-image, 
p-cpe:/a:redhat:enterprise_linux:foreman-gce, p-cpe:/a:redhat:enterprise_linux:foreman-libvirt, p-cpe:/a:redhat:enterprise_linux:foreman-ovirt, p-cpe:/a:redhat:enterprise_linux:foreman-postgresql, p-cpe:/a:redhat:enterprise_linux:foreman-proxy, p-cpe:/a:redhat:enterprise_linux:foreman-selinux, p-cpe:/a:redhat:enterprise_linux:foreman-vmware, p-cpe:/a:redhat:enterprise_linux:gettext-commons, p-cpe:/a:redhat:enterprise_linux:gofer, p-cpe:/a:redhat:enterprise_linux:google-guice, p-cpe:/a:redhat:enterprise_linux:gperftools-debuginfo, p-cpe:/a:redhat:enterprise_linux:gperftools-libs, p-cpe:/a:redhat:enterprise_linux:groovy, p-cpe:/a:redhat:enterprise_linux:guava, p-cpe:/a:redhat:enterprise_linux:gutterball, p-cpe:/a:redhat:enterprise_linux:hawtjni, p-cpe:/a:redhat:enterprise_linux:hfsplus-tools, p-cpe:/a:redhat:enterprise_linux:hfsplus-tools-debuginfo, p-cpe:/a:redhat:enterprise_linux:hibernate-beanvalidation-api, p-cpe:/a:redhat:enterprise_linux:hibernate-jpa-2.0-api, p-cpe:/a:redhat:enterprise_linux:hibernate3-commons-annotations, p-cpe:/a:redhat:enterprise_linux:hibernate4-c3p0, p-cpe:/a:redhat:enterprise_linux:hibernate4-core, p-cpe:/a:redhat:enterprise_linux:hibernate4-entitymanager, p-cpe:/a:redhat:enterprise_linux:hibernate4-validator, p-cpe:/a:redhat:enterprise_linux:hiera, p-cpe:/a:redhat:enterprise_linux:pulp-katello, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-child, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-common, p-cpe:/a:redhat:enterprise_linux:pulp-nodes-parent, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-plugins, p-cpe:/a:redhat:enterprise_linux:hornetq, p-cpe:/a:redhat:enterprise_linux:ipxe-bootimgs, p-cpe:/a:redhat:enterprise_linux:jackson-annotations, p-cpe:/a:redhat:enterprise_linux:jackson-core, p-cpe:/a:redhat:enterprise_linux:jackson-databind, p-cpe:/a:redhat:enterprise_linux:jackson-datatype-hibernate-parent, p-cpe:/a:redhat:enterprise_linux:jackson-datatype-hibernate4, 
p-cpe:/a:redhat:enterprise_linux:jackson-jaxrs-base, p-cpe:/a:redhat:enterprise_linux:jackson-jaxrs-json-provider, p-cpe:/a:redhat:enterprise_linux:jackson-jaxrs-providers, p-cpe:/a:redhat:enterprise_linux:jackson-module-jaxb-annotations, p-cpe:/a:redhat:enterprise_linux:janino, p-cpe:/a:redhat:enterprise_linux:jansi, p-cpe:/a:redhat:enterprise_linux:jansi-native, p-cpe:/a:redhat:enterprise_linux:jboss-ejb-3.1-api, p-cpe:/a:redhat:enterprise_linux:jboss-el-2.2-api, p-cpe:/a:redhat:enterprise_linux:jboss-interceptors-1.1-api, p-cpe:/a:redhat:enterprise_linux:jboss-jaxb-api_2.2_spec, p-cpe:/a:redhat:enterprise_linux:jboss-jaxrpc-1.1-api, p-cpe:/a:redhat:enterprise_linux:jboss-logging, p-cpe:/a:redhat:enterprise_linux:jboss-parent, p-cpe:/a:redhat:enterprise_linux:jboss-servlet-3.0-api, p-cpe:/a:redhat:enterprise_linux:jboss-specs-parent, p-cpe:/a:redhat:enterprise_linux:jboss-transaction-1.1-api, p-cpe:/a:redhat:enterprise_linux:jboss-transaction-api_1.1_spec, p-cpe:/a:redhat:enterprise_linux:jsch, p-cpe:/a:redhat:enterprise_linux:jsoup, p-cpe:/a:redhat:enterprise_linux:jsr-305, p-cpe:/a:redhat:enterprise_linux:jsr-311, p-cpe:/a:redhat:enterprise_linux:jzlib, p-cpe:/a:redhat:enterprise_linux:katello, p-cpe:/a:redhat:enterprise_linux:katello-agent, p-cpe:/a:redhat:enterprise_linux:katello-certs-tools, p-cpe:/a:redhat:enterprise_linux:katello-common, p-cpe:/a:redhat:enterprise_linux:katello-debug, p-cpe:/a:redhat:enterprise_linux:katello-installer, p-cpe:/a:redhat:enterprise_linux:katello-installer-base, p-cpe:/a:redhat:enterprise_linux:katello-service, p-cpe:/a:redhat:enterprise_linux:katello-utils, p-cpe:/a:redhat:enterprise_linux:libdb-cxx, p-cpe:/a:redhat:enterprise_linux:libdb-debuginfo, p-cpe:/a:redhat:enterprise_linux:libqpid-dispatch, p-cpe:/a:redhat:enterprise_linux:liquibase, p-cpe:/a:redhat:enterprise_linux:livecd-tools, p-cpe:/a:redhat:enterprise_linux:logback, p-cpe:/a:redhat:enterprise_linux:lucene4, p-cpe:/a:redhat:enterprise_linux:lucene4-contrib, 
p-cpe:/a:redhat:enterprise_linux:maven, p-cpe:/a:redhat:enterprise_linux:maven-artifact, p-cpe:/a:redhat:enterprise_linux:maven-artifact-manager, p-cpe:/a:redhat:enterprise_linux:maven-artifact-resolver, p-cpe:/a:redhat:enterprise_linux:maven-common-artifact-filters, p-cpe:/a:redhat:enterprise_linux:maven-compiler-plugin, p-cpe:/a:redhat:enterprise_linux:maven-file-management, p-cpe:/a:redhat:enterprise_linux:maven-filtering, p-cpe:/a:redhat:enterprise_linux:maven-invoker, p-cpe:/a:redhat:enterprise_linux:maven-model, p-cpe:/a:redhat:enterprise_linux:maven-monitor, p-cpe:/a:redhat:enterprise_linux:maven-parent, p-cpe:/a:redhat:enterprise_linux:maven-plugin-registry, p-cpe:/a:redhat:enterprise_linux:maven-profile, p-cpe:/a:redhat:enterprise_linux:maven-project, p-cpe:/a:redhat:enterprise_linux:maven-release, p-cpe:/a:redhat:enterprise_linux:maven-release-manager, p-cpe:/a:redhat:enterprise_linux:maven-release-plugin, p-cpe:/a:redhat:enterprise_linux:maven-remote-resources-plugin, p-cpe:/a:redhat:enterprise_linux:maven-scm, p-cpe:/a:redhat:enterprise_linux:maven-settings, p-cpe:/a:redhat:enterprise_linux:maven-shared-incremental, p-cpe:/a:redhat:enterprise_linux:maven-shared-io, p-cpe:/a:redhat:enterprise_linux:maven-shared-utils, p-cpe:/a:redhat:enterprise_linux:maven-toolchain, p-cpe:/a:redhat:enterprise_linux:maven-wagon, p-cpe:/a:redhat:enterprise_linux:mod_passenger, p-cpe:/a:redhat:enterprise_linux:modello, p-cpe:/a:redhat:enterprise_linux:mongodb, p-cpe:/a:redhat:enterprise_linux:mongodb-debuginfo, p-cpe:/a:redhat:enterprise_linux:mongodb-server, p-cpe:/a:redhat:enterprise_linux:pulp-puppet-tools, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-admin-extensions, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-handlers, p-cpe:/a:redhat:enterprise_linux:pulp-rpm-plugins, p-cpe:/a:redhat:enterprise_linux:pulp-selinux, p-cpe:/a:redhat:enterprise_linux:nekohtml, p-cpe:/a:redhat:enterprise_linux:netty, p-cpe:/a:redhat:enterprise_linux:oauth, 
p-cpe:/a:redhat:enterprise_linux:objectweb-asm, p-cpe:/a:redhat:enterprise_linux:openscap, p-cpe:/a:redhat:enterprise_linux:openscap-debuginfo, p-cpe:/a:redhat:enterprise_linux:openscap-python, p-cpe:/a:redhat:enterprise_linux:openscap-scanner, p-cpe:/a:redhat:enterprise_linux:openscap-utils, p-cpe:/a:redhat:enterprise_linux:plexus-build-api, p-cpe:/a:redhat:enterprise_linux:plexus-cipher, p-cpe:/a:redhat:enterprise_linux:plexus-classworlds, p-cpe:/a:redhat:enterprise_linux:plexus-compiler, p-cpe:/a:redhat:enterprise_linux:plexus-component-api, p-cpe:/a:redhat:enterprise_linux:plexus-containers-component-annotations, p-cpe:/a:redhat:enterprise_linux:plexus-containers-container-default, p-cpe:/a:redhat:enterprise_linux:plexus-interactivity, p-cpe:/a:redhat:enterprise_linux:plexus-interpolation, p-cpe:/a:redhat:enterprise_linux:plexus-resources, p-cpe:/a:redhat:enterprise_linux:plexus-sec-dispatcher, p-cpe:/a:redhat:enterprise_linux:plexus-utils, p-cpe:/a:redhat:enterprise_linux:plexus-velocity, p-cpe:/a:redhat:enterprise_linux:pulp-admin-client, p-cpe:/a:redhat:enterprise_linux:pulp-docker-plugins, p-cpe:/a:redhat:enterprise_linux:python-gofer-proton, p-cpe:/a:redhat:enterprise_linux:python-gofer-qpid, p-cpe:/a:redhat:enterprise_linux:python-httplib2, p-cpe:/a:redhat:enterprise_linux:python-imgcreate, p-cpe:/a:redhat:enterprise_linux:python-isodate, p-cpe:/a:redhat:enterprise_linux:python-itsdangerous, p-cpe:/a:redhat:enterprise_linux:python-jinja2, p-cpe:/a:redhat:enterprise_linux:python-kombu, p-cpe:/a:redhat:enterprise_linux:python-mongoengine, p-cpe:/a:redhat:enterprise_linux:python-nectar, p-cpe:/a:redhat:enterprise_linux:python-oauth2, p-cpe:/a:redhat:enterprise_linux:python-okaara, p-cpe:/a:redhat:enterprise_linux:python-pulp-agent-lib, p-cpe:/a:redhat:enterprise_linux:python-pulp-bindings, p-cpe:/a:redhat:enterprise_linux:python-pulp-client-lib, p-cpe:/a:redhat:enterprise_linux:python-pulp-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-docker-common, 
p-cpe:/a:redhat:enterprise_linux:python-pulp-puppet-common, p-cpe:/a:redhat:enterprise_linux:python-pulp-rpm-common, p-cpe:/a:redhat:enterprise_linux:python-pymongo, p-cpe:/a:redhat:enterprise_linux:python-pymongo-debuginfo, p-cpe:/a:redhat:enterprise_linux:python-pymongo-gridfs, p-cpe:/a:redhat:enterprise_linux:python-qpid, p-cpe:/a:redhat:enterprise_linux:python-qpid-proton, p-cpe:/a:redhat:enterprise_linux:python-qpid-qmf, p-cpe:/a:redhat:enterprise_linux:python-requests, p-cpe:/a:redhat:enterprise_linux:python-saslwrapper, p-cpe:/a:redhat:enterprise_linux:python-semantic-version, p-cpe:/a:redhat:enterprise_linux:python-simplejson, p-cpe:/a:redhat:enterprise_linux:python-simplejson-debuginfo, p-cpe:/a:redhat:enterprise_linux:python-webpy, p-cpe:/a:redhat:enterprise_linux:python-werkzeug, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-client-devel, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-debuginfo, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server-devel, p-cpe:/a:redhat:enterprise_linux:qpid-cpp-server-linearstore, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-debuginfo, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-router, p-cpe:/a:redhat:enterprise_linux:qpid-dispatch-tools, p-cpe:/a:redhat:enterprise_linux:qpid-java-client, p-cpe:/a:redhat:enterprise_linux:qpid-java-common, p-cpe:/a:redhat:enterprise_linux:qpid-proton-c, p-cpe:/a:redhat:enterprise_linux:qpid-proton-debuginfo, p-cpe:/a:redhat:enterprise_linux:qpid-qmf, p-cpe:/a:redhat:enterprise_linux:qpid-qmf-debuginfo, p-cpe:/a:redhat:enterprise_linux:qpid-tools, p-cpe:/a:redhat:enterprise_linux:resteasy, p-cpe:/a:redhat:enterprise_linux:ruby-augeas, p-cpe:/a:redhat:enterprise_linux:ruby-augeas-debuginfo, p-cpe:/a:redhat:enterprise_linux:ruby-rgen, p-cpe:/a:redhat:enterprise_linux:ruby-shadow, p-cpe:/a:redhat:enterprise_linux:ruby-shadow-debuginfo, p-cpe:/a:redhat:enterprise_linux:ruby193-facter, 
p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-wrapper, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-addressable, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-algebrick, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ancestry, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-anemone, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-angular-rails-templates, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ansi, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-apipie-params, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-apipie-rails, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-archive-tar-minitar, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-audited, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-audited-activerecord, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-autoparse, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-bastion, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-bundler_ext, p-cpe:/a:redhat:enterprise_linux:pulp-server, p-cpe:/a:redhat:enterprise_linux:puppet, p-cpe:/a:redhat:enterprise_linux:puppet-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:puppet-server, p-cpe:/a:redhat:enterprise_linux:puppetlabs-stdlib, p-cpe:/a:redhat:enterprise_linux:python-beautifulsoup, p-cpe:/a:redhat:enterprise_linux:python-amqp, p-cpe:/a:redhat:enterprise_linux:python-billiard, p-cpe:/a:redhat:enterprise_linux:python-billiard-debuginfo, p-cpe:/a:redhat:enterprise_linux:python-blinker, p-cpe:/a:redhat:enterprise_linux:python-bson, p-cpe:/a:redhat:enterprise_linux:python-celery, p-cpe:/a:redhat:enterprise_linux:python-cherrypy, p-cpe:/a:redhat:enterprise_linux:python-crane, p-cpe:/a:redhat:enterprise_linux:python-flask, p-cpe:/a:redhat:enterprise_linux:python-gofer, p-cpe:/a:redhat:enterprise_linux:rubygem-fast_gettext, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-commonjs, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-daemons, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-deep_cloneable, 
p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-deface, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-docker-api, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-dynflow, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-excon, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-extlib, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-faraday, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-fast_gettext, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ffi, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ffi-debuginfo, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-fog, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-fog-brightbox, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-fog-core, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-fog-json, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-fog-radosgw, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-fog-sakuracloud, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-fog-softlayer, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-fog-xml, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-foreigner, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-foreman-redhat_access, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-foreman-tasks, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-foreman_abrt, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-foreman_discovery, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-foreman_docker, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-foreman_gutterball, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-foreman_hooks, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-foreman_openscap, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-formatador, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-friendly_id, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-gettext_i18n_rails, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-gettext_i18n_rails_js, 
p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-google-api-client, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-haml, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-haml-rails, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-hashr, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-hooks, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-hpricot, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-hpricot-debuginfo, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-i18n_data, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ipaddress, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-jquery-ui-rails, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-justified, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-jwt, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-katello, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-launchy, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ldap_fluff, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-less, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-less-rails, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-little-plugger, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-logging, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-multi_json, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-multi_json-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-multipart-post, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-net-ldap, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-net-scp, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-net-ssh, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-nokogiri, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-nokogiri-debuginfo, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-oauth, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-openscap, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ovirt_provision_plugin, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-passenger, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-passenger-native, 
p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-passenger-native-libs, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-pg, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-pg-debuginfo, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-po_to_json, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-qpid_messaging, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-qpid_messaging-debuginfo, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rabl, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rbovirt, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rbvmomi, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-redhat_access_lib, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rest-client, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-robotex, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby-libvirt, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby-libvirt-debuginfo, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby2ruby, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby_parser, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-runcible, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-safemode, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-sass, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-sass-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-scaptimony, p-cpe:/a:redhat:enterprise_linux:rubygem-fastercsv, p-cpe:/a:redhat:enterprise_linux:rubygem-ffi, p-cpe:/a:redhat:enterprise_linux:rubygem-ffi-debuginfo, p-cpe:/a:redhat:enterprise_linux:rubygem-foreman_scap_client, p-cpe:/a:redhat:enterprise_linux:rubygem-gssapi, p-cpe:/a:redhat:enterprise_linux:rubygem-hammer_cli, p-cpe:/a:redhat:enterprise_linux:rubygem-hammer_cli_csv, p-cpe:/a:redhat:enterprise_linux:rubygem-hammer_cli_foreman, p-cpe:/a:redhat:enterprise_linux:rubygem-hammer_cli_foreman_bootdisk, p-cpe:/a:redhat:enterprise_linux:rubygem-hammer_cli_foreman_discovery, p-cpe:/a:redhat:enterprise_linux:rubygem-hammer_cli_foreman_docker, 
p-cpe:/a:redhat:enterprise_linux:rubygem-hammer_cli_foreman_docker-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-hammer_cli_foreman_tasks, p-cpe:/a:redhat:enterprise_linux:rubygem-hammer_cli_gutterball, p-cpe:/a:redhat:enterprise_linux:rubygem-hammer_cli_import, p-cpe:/a:redhat:enterprise_linux:rubygem-hammer_cli_katello, p-cpe:/a:redhat:enterprise_linux:rubygem-hashie, p-cpe:/a:redhat:enterprise_linux:rubygem-highline, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo, p-cpe:/a:redhat:enterprise_linux:rubygem-kafo_parsers, p-cpe:/a:redhat:enterprise_linux:rubygem-little-plugger, p-cpe:/a:redhat:enterprise_linux:rubygem-locale, p-cpe:/a:redhat:enterprise_linux:rubygem-logging, p-cpe:/a:redhat:enterprise_linux:rubygem-mime-types, p-cpe:/a:redhat:enterprise_linux:rubygem-multi_json, p-cpe:/a:redhat:enterprise_linux:rubygem-multi_json-doc, p-cpe:/a:redhat:enterprise_linux:rubygem-oauth, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-debuginfo, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-scoped_search, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-secure_headers, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-sequel, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-sexp_processor, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-signet, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-sprockets, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-sprockets-doc, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-sshkey, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-strong_parameters, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-tire, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-trollop, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-unf, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-unf-debuginfo, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-unf_ext, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-unf_ext-debuginfo, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-uuidtools, 
p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-validates_lengths_from_database, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-wicked, p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-will_paginate, p-cpe:/a:redhat:enterprise_linux:rubygem-ansi, p-cpe:/a:redhat:enterprise_linux:rubygem-apipie-bindings, p-cpe:/a:redhat:enterprise_linux:rubygem-awesome_print, p-cpe:/a:redhat:enterprise_linux:rubygem-bundler_ext, p-cpe:/a:redhat:enterprise_linux:rubygem-clamp, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native, p-cpe:/a:redhat:enterprise_linux:rubygem-passenger-native-libs, p-cpe:/a:redhat:enterprise_linux:rubygem-powerbar, p-cpe:/a:redhat:enterprise_linux:rubygem-rack, p-cpe:/a:redhat:enterprise_linux:rubygem-rack-protection, p-cpe:/a:redhat:enterprise_linux:rubygem-rake, p-cpe:/a:redhat:enterprise_linux:rubygem-rb-readline, p-cpe:/a:redhat:enterprise_linux:rubygem-rest-client, p-cpe:/a:redhat:enterprise_linux:rubygem-rkerberos, p-cpe:/a:redhat:enterprise_linux:rubygem-rkerberos-debuginfo, p-cpe:/a:redhat:enterprise_linux:rubygem-rubyipmi, p-cpe:/a:redhat:enterprise_linux:rubygem-satyr, p-cpe:/a:redhat:enterprise_linux:rubygem-sinatra, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_abrt, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_discovery, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_openscap, p-cpe:/a:redhat:enterprise_linux:rubygem-smart_proxy_pulp, p-cpe:/a:redhat:enterprise_linux:rubygem-table_print, p-cpe:/a:redhat:enterprise_linux:rubygem-tilt, p-cpe:/a:redhat:enterprise_linux:saslwrapper, p-cpe:/a:redhat:enterprise_linux:saslwrapper-debuginfo, p-cpe:/a:redhat:enterprise_linux:sigar, p-cpe:/a:redhat:enterprise_linux:sigar-debuginfo, p-cpe:/a:redhat:enterprise_linux:sigar-java, p-cpe:/a:redhat:enterprise_linux:sisu-inject-bean, p-cpe:/a:redhat:enterprise_linux:sisu-inject-plexus, p-cpe:/a:redhat:enterprise_linux:snappy-java, p-cpe:/a:redhat:enterprise_linux:snappy-java-debuginfo, p-cpe:/a:redhat:enterprise_linux:v8, 
p-cpe:/a:redhat:enterprise_linux:v8-debuginfo, p-cpe:/a:redhat:enterprise_linux:xbean, p-cpe:/a:redhat:enterprise_linux:xpp3-minimal, p-cpe:/a:redhat:enterprise_linux:xstream, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/8/12

Vulnerability Publication Date: 2014/5/20

Reference Information

CVE: CVE-2013-4346, CVE-2013-4347, CVE-2014-3653, CVE-2015-1816, CVE-2015-1844, CVE-2015-3155, CVE-2015-3235

RHSA: 2015:1591