Security Advisory

CVE-2015-5152

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-07-14 20:00:00

Last updated 2024-08-06 06:32:32

Assigner redhat

State PUBLISHED

Description

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.

← Browse all CVEs View on cve.org ↗