CVE-2017-2667 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-2667 PUBLISHED

Reported by redhat · Published March 12, 2018

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.

Affected Products

Vendor	Product	Versions
Foreman	Hammer CLI	0.10.0
RubyGems	hammer_cli_foreman	0, 0
Foreman	Hammer CLI	0.10.0, 0.10.0

Timeline

Mar 12, 2018 CVE Published
Oct 9, 2019 CVE Updated
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

x_refsource_CONFIRM
RHSA-2018:0336 vendor-advisoryx_refsource_REDHAT
x_refsource_CONFIRM
97153 vdb-entryx_refsource_BID
https://nvd.nist.gov/vuln/detail/CVE-2017-2667 advisory

Open in Interactive Console →