CVE-2017-7528

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For…

redhat·CWE-113·Published 2018-08-22

CVSS

—

EPSS

0.01

KEV

Exploits

cve.orgen

208 chars

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems (using callback).

NVDen

208 chars

NVDes

237 chars

Ansible Tower tal y como viene con Red Hat CloudForms Management Engine 5 es vulnerable a la inyección de CRLF. Se ha detectado que la cabecera X-Forwarded-For permite a los servidores internos desplegar otros sistemas (usando callback).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:N/I:P/A:N
3.0	Primary	NVD	6.5	2.8	3.6	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N