CVE-2015-1816 Information

Description

Foreman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.

Reference

http://projects.theforeman.org/issues/9858
https://access.redhat.com/errata/RHSA-2015:1591
https://access.redhat.com/errata/RHSA-2015:1592
https://github.com/theforeman/foreman/pull/2265
https://groups.google.com/forum/!topic/foreman-announce/9ZnuPcplNLI
