Vulnerability Name: CVE-2011-0718 (CCN-65657)

Assigned: 2011-02-23
Published: 2011-02-23
Updated: 2017-08-17
Summary: Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-287
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2011-0718

Source: CCN
Type: RHSA-2011-0300
Moderate: Red Hat Network Satellite Server security update

Source: CCN
Type: SA43487
Red Hat Network Satellite Server Session Fixation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
43487

Source: CCN
Type: OSVDB ID: 72549
Red Hat Network Satellite Server Failed Login Attempt Delay Brute Force Weakness

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0300

Source: BID
Type: UNKNOWN
46528

Source: CCN
Type: BID-46528
Red Hat Network Satellite Server Multiple Security Bypass Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1025116

Source: VUPEN
Type: Vendor Advisory
ADV-2011-0491

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=672159

Source: XF
Type: UNKNOWN
rhnss-weak-security(65657)

Source: CCN
Type: RHSA-2011:0300-1
Red Hat Network Satellite Server security update

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:redhat:network_satellite_server:5.4:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:redhat:network_satellite:5.4:*:*:*:*:*:*:*
  AND
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20110718 | V | CVE-2011-0718 | 2022-05-20
oval:org.opensuse.security:def:32205 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important) | 2021-10-18
oval:org.opensuse.security:def:32206 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-10-18
oval:org.opensuse.security:def:32113 | P | Security update for qemu (Important) | 2021-06-08
oval:org.opensuse.security:def:32112 | P | Security update for libX11 (Important) | 2021-06-08
oval:org.opensuse.security:def:32263 | P | Security update for java-1_8_0-ibm (Important) | 2021-02-26
oval:org.opensuse.security:def:32262 | P | Security update for java-1_8_0-openjdk (Moderate) | 2021-02-19
oval:org.opensuse.security:def:29302 | P | Security update for mutt (Important) | 2020-12-07
oval:org.opensuse.security:def:29301 | P | Security update for postgresql12 (Important) | 2020-12-04
oval:org.opensuse.security:def:32715 | P | libicu-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31981 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:32650 | P | dhcp on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27893 | P | Security update for shim | 2020-12-01
oval:org.opensuse.security:def:28564 | P | Security update for OpenJDK 1.6 | 2020-12-01
oval:org.opensuse.security:def:28463 | P | Security update for xorg-x11-libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33353 | P | Security update for openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:32672 | P | glib2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27957 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28603 | P | Security update for usbmuxd | 2020-12-01
oval:org.opensuse.security:def:31895 | P | Security update for MozillaFirefox, mozilla-nspr (Important) | 2020-12-01
oval:org.opensuse.security:def:28516 | P | Security update for openssl1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32349 | P | Security update for sqlite3 (Important) | 2020-12-01
oval:org.opensuse.security:def:33392 | P | Security update for spacewalk | 2020-12-01
oval:org.opensuse.security:def:32716 | P | libltdl7 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28085 | P | Security update for gd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28619 | P | Security update for xorg-x11-libXrender | 2020-12-01
oval:org.opensuse.security:def:27894 | P | Security update for struts | 2020-12-01
oval:org.opensuse.security:def:28565 | P | Security update for kdelibs4 | 2020-12-01
oval:org.opensuse.security:def:27881 | P | Security update for rubygem-activesupport-3_2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32505 | P | enscript on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33354 | P | Security update for openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:28169 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:28663 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:27958 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28604 | P | Security update for vino | 2020-12-01
oval:org.opensuse.security:def:27883 | P | Security update for rubygem-bundler | 2020-12-01
oval:org.opensuse.security:def:32561 | P | libpng12-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32350 | P | Security update for squid (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33393 | P | Security update for spacewalk | 2020-12-01
oval:org.opensuse.security:def:28226 | P | Security update for libssh (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28086 | P | Security update for gd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28620 | P | Security update for xorg-x11-libXt | 2020-12-01
oval:org.opensuse.security:def:31906 | P | Security update for freeradius-server (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32610 | P | unrar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27882 | P | Security update for rubygem-activesupport-3_2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32506 | P | evince on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28310 | P | Security update for openssl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29337 | P | Security update for spacewalk | 2020-12-01
oval:org.opensuse.security:def:28170 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:28664 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:31980 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:32649 | P | dbus-1-glib on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31896 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:32562 | P | libpoppler-glib4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28462 | P | Security update for xorg-x11-libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28227 | P | Security update for libssh2_org (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32671 | P | ghostscript-fonts-other on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31907 | P | Security update for freetype2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32611 | P | unzip on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31894 | P | Security update for fetchmail (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28515 | P | Security update for openssl1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28311 | P | Security update for openssl (Important) | 2020-12-01
oval:org.opensuse.security:def:29338 | P | Security update for spacewalk | 2020-12-01
    redhat network satellite server 5.4
    redhat network satellite 5.4
    redhat enterprise linux 4