Red Hat Security Advisory 2015-0957-01

Red Hat Security Advisory 2015-0957-01 – Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that the RPC interface in Satellite would resolve external entities, allowing an attacker to conduct XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the Satellite server, and potentially perform other more advanced XXE attacks.

Leave a Reply