Insecure HTTP to HTTPS Redirection in Foreman 1.1 to 1.9.0-RC1

Insecure HTTP to HTTPS Redirection in Foreman 1.1 to 1.9.0-RC1

CVE-2015-5152 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.

Learn more about our User Device Pen Test.