{"containers": {"cna": {"affected": [{"product": "spacewalk", "vendor": "spacewalk", "versions": [{"status": "affected", "version": "2.6"}]}], "datePublic": "2018-03-14T00:00:00", "descriptions": [{"lang": "en", "value": "Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-03-14T17:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555429"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2018-03-14T00:00:00", "ID": "CVE-2018-1077", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "spacewalk", "version": {"version_data": [{"version_value": "2.6"}]}}]}, "vendor_name": "spacewalk"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-611"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1555429", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555429"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:51:48.975Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555429"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1077", "datePublished": "2018-03-14T18:00:00Z", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-09-17T01:21:18.539Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:spacewalk:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "61AF44A9-0E9D-4EC5-8D1E-6A60F83CBE4C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:satellite:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "BE6BFE59-8452-45DF-A6DD-75EACE54E180", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server."}, {"lang": "es", "value": "Spacewalk 2.6 contiene una API que tiene un error XEE (XML External Entity) que permite la divulgaci\u00f3n de informaci\u00f3n potencialmente sensible del servidor."}], "id": "CVE-2018-1077", "lastModified": "2024-11-21T03:59:07.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-14T18:29:00.420", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555429"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555429"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "spacewalk: XML External Entity (XXE) on Spacewalk APIs", "id": "1555429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555429"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.0", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-611", "details": ["Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.", "Spacewalk includes an API endpoint that can be abused by attackers to execute an XXE (XML External Entity Reference) allowing for the disclosure of potentially sensitive information."], "name": "CVE-2018-1077", "package_state": [{"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Will not fix", "package_name": "spacewalk", "product_name": "Red Hat Satellite 5"}], "public_date": "2018-03-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1077\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1077"], "statement": "This issue affects the versions of spacewalk as shipped with Red Hat Satellite 5. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate", "upstream_fix": "redstone-xmlrpc 1.1_20071120-20"}