Date: Tue, 4 Apr 2017 08:06:14 +0100
From: Dominic Cleal <>
Subject: CVE-2017-2667: Hammer CLI SSL certificate verification disabled

CVE-2017-2667: SSL/HTTPS server certificates are not verified by default
in Hammer CLI

Hammer CLI, a REST API-based CLI for Foreman, initiated HTTPS
connections via the apipie-bindings and rest-client libraries without
verifying the SSL certificate presented by the server. This could allow
for a man-in-the-middle attack.

This issue was reported by Tomas Strachota.

Affects all known Hammer CLI versions
Fix released in Hammer CLI 0.10.0


More information:

Dominic Cleal
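
Added example, not part of the original advisory and not code from Hammer CLI, apipie-bindings or rest-client: using only Ruby's standard OpenSSL library, it runs the same TLS handshake twice against an untrusted certificate, once with verification disabled and once with peer verification on. The host name foreman.example.test, the self-signed certificate and the helper names are constructed for the illustration.

```ruby
require "openssl"
require "socket"

# Constructed fixture: a self-signed certificate chaining to no trusted CA,
# standing in for whatever a host on the network path would present.
def untrusted_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=foreman.example.test")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Runs one TLS handshake over a local socket pair and returns the client's verdict.
def client_verdict(verify_mode)
  key, cert = untrusted_identity
  server_ctx = OpenSSL::SSL::SSLContext.new
  server_ctx.key = key
  server_ctx.cert = cert
  client_ctx = OpenSSL::SSL::SSLContext.new
  client_ctx.verify_mode = verify_mode
  client_ctx.cert_store = OpenSSL::X509::Store.new # empty here; a real client loads its CA bundle

  client_io, server_io = UNIXSocket.pair
  # The server side gets an alert (an exception) when the client rejects the certificate.
  server = Thread.new { OpenSSL::SSL::SSLSocket.new(server_io, server_ctx).accept rescue nil }
  client = OpenSSL::SSL::SSLSocket.new(client_io, client_ctx)
  client.hostname = "foreman.example.test"
  begin
    client.connect
    :accepted
  rescue OpenSSL::SSL::SSLError
    :rejected
  ensure
    client_io.close
    server.join
    server_io.close
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "VERIFY_NONE: #{client_verdict(OpenSSL::SSL::VERIFY_NONE)}"
  puts "VERIFY_PEER: #{client_verdict(OpenSSL::SSL::VERIFY_PEER)}"
end
```

With `VERIFY_NONE` the client completes the handshake without any indication that the certificate is untrusted, which is why a client that ships with verification off gives no warning when the server identity is wrong.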
