{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client \"authenticity,\" which allows remote attackers to obtain channel content by skipping the initial authentication call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2013-07-31T10:00:00Z"}, "references": [{"name": "RHSA-2013:0848", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0848.html"}, {"name": "93566", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/93566"}, {"name": "53487", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53487"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:37.488Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2013:0848", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0848.html"}, {"name": "93566", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/93566"}, {"name": "53487", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/53487"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2056", "state": "PUBLISHED", "dateReserved": "2013-02-19T00:00:00Z", "datePublished": "2013-07-31T10:00:00Z", "dateUpdated": "2024-08-06T15:20:37.488Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1FDDB68-9828-4DAF-8417-4E3B68ABA2C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "3CCE54F9-0195-4E9D-A15F-3947EA0EBED7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:satellite:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "9B6D3920-6A7D-4AF8-A620-80C89FF454F2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client \"authenticity,\" which allows remote attackers to obtain channel content by skipping the initial authentication call."}, {"lang": "es", "value": "La operaci\u00f3n Inter-Satellite Sync (ISS) en Red Hat Network (RHN) Satellite 5.3, 5.4, y 5.5 no valida adecuadamente la \"autenticidad\" del cliente, lo que permite a atacantes remotos obtener el contenido de un canal evitando la llamada inicial para la autenticaci\u00f3n."}], "id": "CVE-2013-2056", "lastModified": "2022-02-03T16:26:48.457", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-07-31T13:20:24.697", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0848.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/53487"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/93566"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Jan Pazdziora (Red Hat Satellite Engineering team).", "affected_release": [{"advisory": "RHSA-2013:0848", "cpe": "cpe:/a:redhat:network_satellite:5.3::el5", "package": "spacewalk-backend-0:0.5.28-59.3.el5sat", "product_name": "Red Hat Network Satellite Server v 5.3", "release_date": "2013-05-21T00:00:00Z"}, {"advisory": "RHSA-2013:0848", "cpe": "cpe:/a:redhat:network_satellite:5.4::el5", "package": "spacewalk-backend-0:1.2.13-79.el6sat", "product_name": "Red Hat Network Satellite Server v 5.4", "release_date": "2013-05-21T00:00:00Z"}, {"advisory": "RHSA-2013:0848", "cpe": "cpe:/a:redhat:network_satellite:5.5::el5", "package": "spacewalk-backend-0:1.7.38-45.el5sat", "product_name": "Red Hat Network Satellite Server v 5.5", "release_date": "2013-05-21T00:00:00Z"}], "bugzilla": {"description": "Satellite: Inter-Satellite Sync (ISS) does not require authentication/authorization", "id": "959524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=959524"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "status": "verified"}, "details": ["The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client \"authenticity,\" which allows remote attackers to obtain channel content by skipping the initial authentication call."], "name": "CVE-2013-2056", "package_state": [{"cpe": "cpe:/a:redhat:network_satellite:5.2", "fix_state": "Not affected", "package_name": "Server", "product_name": "Red Hat Satellite 5.2"}], "public_date": "2013-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2056\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2056"], "threat_severity": "Moderate"}