Project

General

Profile

Actions
Copy link

Bug #29244

closed

[installer][insights] This host is running httpd with SSLv3.0 enabled and is therefore vulnerable to POODLE / CVE-2014-3566

Added by Eric Helms about 4 years ago. Updated about 4 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Eric Helms
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
1795550
Pull request:
https://github.com/theforeman/puppet-foreman/pull/805, https://github.com/theforeman/foreman-installer/pull/480
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1795550

Description of problem:
Fresh installation of a RHEL-7.7/Satellite 6.6.1 reports SSLv3.0 enabled

Version-Release number of selected component (if applicable):
satellite-installer-6.6.0.21-1.el7sat.noarch

How reproducible:
Always

Steps to Reproduce:
1. Install RHEL-7.7/latest Satellite
2. Register insights-client
3. See reports on cloud.redhat.com/insights

Actual results:
"This host is running httpd with SSLv3.0 enabled and is therefore vulnerable to POODLE / CVE-2014-3566" reported by insights rules

Expected results:
Apache's TLS configuration should be limited to TLS-1.2 connections only.

Additional info:

Actions
Copy link
 #1

Updated by The Foreman Bot about 4 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Eric Helms
  • Pull request https://github.com/theforeman/puppet-foreman/pull/805 added
Actions
Copy link
 #2

Updated by The Foreman Bot about 4 years ago

  • Pull request https://github.com/theforeman/foreman-installer/pull/480 added
Actions
Copy link
 #3

Updated by Ewoud Kohl van Wijngaarden about 4 years ago

  • Status changed from Ready For Testing to Rejected

The host isn't actually listening on SSLv3, this is an insights bug.

https://github.com/theforeman/foreman-installer/pull/480#issuecomment-593843521

Actions
Copy link

Also available in: Atom PDF