ID CVE-2017-7553
Summary The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoints.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:mobile_application_platform:4.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:mobile_application_platform:4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:mobile_application_platform:4.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:mobile_application_platform:4.4.3:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 31-12-2017 - 02:29)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2017:2674
  • rhsa
    id RHSA-2017:2675
rpms
  • fh-system-dump-tool-0:1.0.0-5.el7
  • fping-0:3.10-4.el7map
  • fping-debuginfo-0:3.10-4.el7map
  • nagios-0:4.0.8-8.el7map
  • nagios-common-0:4.0.8-8.el7map
  • nagios-debuginfo-0:4.0.8-8.el7map
  • nagios-devel-0:4.0.8-8.el7map
  • nagios-plugins-0:2.0.3-3.el7map
  • nagios-plugins-all-0:2.0.3-3.el7map
  • nagios-plugins-apt-0:2.0.3-3.el7map
  • nagios-plugins-breeze-0:2.0.3-3.el7map
  • nagios-plugins-by_ssh-0:2.0.3-3.el7map
  • nagios-plugins-cluster-0:2.0.3-3.el7map
  • nagios-plugins-dbi-0:2.0.3-3.el7map
  • nagios-plugins-debuginfo-0:2.0.3-3.el7map
  • nagios-plugins-dhcp-0:2.0.3-3.el7map
  • nagios-plugins-dig-0:2.0.3-3.el7map
  • nagios-plugins-disk-0:2.0.3-3.el7map
  • nagios-plugins-disk_smb-0:2.0.3-3.el7map
  • nagios-plugins-dns-0:2.0.3-3.el7map
  • nagios-plugins-dummy-0:2.0.3-3.el7map
  • nagios-plugins-file_age-0:2.0.3-3.el7map
  • nagios-plugins-flexlm-0:2.0.3-3.el7map
  • nagios-plugins-fping-0:2.0.3-3.el7map
  • nagios-plugins-game-0:2.0.3-3.el7map
  • nagios-plugins-hpjd-0:2.0.3-3.el7map
  • nagios-plugins-http-0:2.0.3-3.el7map
  • nagios-plugins-icmp-0:2.0.3-3.el7map
  • nagios-plugins-ide_smart-0:2.0.3-3.el7map
  • nagios-plugins-ifoperstatus-0:2.0.3-3.el7map
  • nagios-plugins-ifstatus-0:2.0.3-3.el7map
  • nagios-plugins-ircd-0:2.0.3-3.el7map
  • nagios-plugins-ldap-0:2.0.3-3.el7map
  • nagios-plugins-load-0:2.0.3-3.el7map
  • nagios-plugins-log-0:2.0.3-3.el7map
  • nagios-plugins-mailq-0:2.0.3-3.el7map
  • nagios-plugins-mrtg-0:2.0.3-3.el7map
  • nagios-plugins-mrtgtraf-0:2.0.3-3.el7map
  • nagios-plugins-mysql-0:2.0.3-3.el7map
  • nagios-plugins-nagios-0:2.0.3-3.el7map
  • nagios-plugins-nt-0:2.0.3-3.el7map
  • nagios-plugins-ntp-0:2.0.3-3.el7map
  • nagios-plugins-ntp-perl-0:2.0.3-3.el7map
  • nagios-plugins-nwstat-0:2.0.3-3.el7map
  • nagios-plugins-oracle-0:2.0.3-3.el7map
  • nagios-plugins-overcr-0:2.0.3-3.el7map
  • nagios-plugins-perl-0:2.0.3-3.el7map
  • nagios-plugins-pgsql-0:2.0.3-3.el7map
  • nagios-plugins-ping-0:2.0.3-3.el7map
  • nagios-plugins-procs-0:2.0.3-3.el7map
  • nagios-plugins-radius-0:2.0.3-3.el7map
  • nagios-plugins-real-0:2.0.3-3.el7map
  • nagios-plugins-rpc-0:2.0.3-3.el7map
  • nagios-plugins-sensors-0:2.0.3-3.el7map
  • nagios-plugins-smtp-0:2.0.3-3.el7map
  • nagios-plugins-snmp-0:2.0.3-3.el7map
  • nagios-plugins-ssh-0:2.0.3-3.el7map
  • nagios-plugins-swap-0:2.0.3-3.el7map
  • nagios-plugins-tcp-0:2.0.3-3.el7map
  • nagios-plugins-time-0:2.0.3-3.el7map
  • nagios-plugins-ups-0:2.0.3-3.el7map
  • nagios-plugins-uptime-0:2.0.3-3.el7map
  • nagios-plugins-users-0:2.0.3-3.el7map
  • nagios-plugins-wave-0:2.0.3-3.el7map
  • perl-Crypt-CBC-0:2.33-2.el7map
  • perl-Crypt-DES-0:2.05-20.el7map
  • perl-Crypt-DES-debuginfo-0:2.05-20.el7map
  • perl-Net-SNMP-0:6.0.1-7.el7map
  • phantomjs-0:1.9.7-3.el7map
  • phantomjs-debuginfo-0:1.9.7-3.el7map
  • python-meld3-0:0.6.10-1.el7map
  • python-meld3-debuginfo-0:0.6.10-1.el7map
  • qstat-0:2.11-13.20080912svn311.el7map
  • qstat-debuginfo-0:2.11-13.20080912svn311.el7map
  • radiusclient-ng-0:0.5.6-9.el7map
  • radiusclient-ng-debuginfo-0:0.5.6-9.el7map
  • radiusclient-ng-devel-0:0.5.6-9.el7map
  • radiusclient-ng-utils-0:0.5.6-9.el7map
  • redis-0:2.8.21-2.el7map
  • redis-debuginfo-0:2.8.21-2.el7map
  • rhmap-fh-openshift-templates-0:4.5.0-11.el7
  • rhmap-mod_authnz_external-0:3.3.1-7.el7map
  • rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map
  • sendEmail-0:1.56-2.el7
  • ssmtp-0:2.64-14.el7map
  • ssmtp-debuginfo-0:2.64-14.el7map
  • supervisor-0:3.1.3-3.el7map
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1478792
Last major update 31-12-2017 - 02:29
Published 29-09-2017 - 01:34
Last modified 31-12-2017 - 02:29
Back to Top