| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $0-$5k | 0.00 |
Summary
A vulnerability described as critical has been identified in Red Hat Ansible up to 1.9.1. This affects an unknown part of the component Server Hostname Handler. Executing a manipulation can lead to data authenticity. This vulnerability appears as CVE-2015-3908. There is no available exploit. Upgrading the affected component is recommended.
Details
A vulnerability classified as critical was found in Red Hat Ansible up to 1.9.1. This vulnerability affects an unknown code block of the component Server Hostname Handler. The manipulation with an unknown input leads to a data authenticity vulnerability. The CWE definition for the vulnerability is CWE-345. The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. As an impact it is known to affect confidentiality, and integrity. CVE summarizes:
Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
The weakness was presented 08/12/2015 (Website). The advisory is shared for download at openwall.com. This vulnerability was named CVE-2015-3908 since 05/12/2015. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 84523 (FreeBSD : ansible -- multiple vulnerabilities (72fccfdf-2061-11e5-a4a5-002590263bf5)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family FreeBSD Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 168022 (OpenSuSE Security Update for ansible (openSUSE-SU-2015:1452-1)).
Upgrading to version 1.9.2 eliminates this vulnerability.
The vulnerability is also documented in the databases at Tenable (84523), SecurityFocus (BID 75921†) and Vulnerability Center (SBV-51956†). See VDB-102073 for similar entry. Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.redhat.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.2
VulDB Base Score: 6.5
VulDB Temp Score: 6.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Data authenticityCWE: CWE-345
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 84523
Nessus Name: FreeBSD : ansible -- multiple vulnerabilities (72fccfdf-2061-11e5-a4a5-002590263bf5)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 867773
OpenVAS Name: Fedora Update for ansible FEDORA-2015-10807
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Ansible 1.9.2
Timeline
05/12/2015 🔍07/06/2015 🔍
07/14/2015 🔍
08/12/2015 🔍
08/12/2015 🔍
08/13/2015 🔍
08/13/2015 🔍
11/24/2024 🔍
Sources
Vendor: redhat.comAdvisory: DLA 1923-1
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2015-3908 (🔍)
GCVE (CVE): GCVE-0-2015-3908
GCVE (VulDB): GCVE-100-77068
SecurityFocus: 75921 - Ansible CVE-2015-3908 SSL Certificate Validation Multiple Security Bypass Vulnerabilities
Vulnerability Center: 51956 - Ansible <1.9.2 Remote Man-in-the-Middle Attack via Missing Match of Server Hostname to X.509 Certificate Server Name, Medium
See also: 🔍
Entry
Created: 08/13/2015 10:17Updated: 11/24/2024 12:28
Changes: 08/13/2015 10:17 (53), 10/14/2017 11:28 (14), 06/09/2022 10:56 (3), 06/09/2022 11:02 (1), 08/22/2022 09:36 (2), 11/24/2024 12:28 (20)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.