Improper Configuration in redhat-certification 7 Allows Unauthorized Access to Sensible Information

Improper Configuration in redhat-certification 7 Allows Unauthorized Access to Sensible Information

CVE-2018-10863 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information.

Learn more about our Cis Benchmark Audit For Red Hat Enterprise Linux.