[Satellite 5] How do I mitigate CVE-2013-4480?

Solution Verified - Updated -

Issue

  • It was found that the web interface provided by Red Hat Satellite to create the initial administrator user was not disabled after the initial user was created. A remote attacker could use this flaw to create an administrator user with credentials they specify. This user could then be used to assume control of the Satellite server. (CVE-2013-4480)

  • How can I mitigate the CVE-2013-4480 vulnerability on my Red Hat Satellite Server?

Environment

  • Red Hat Satellite Server 5
