{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2009-0788","title":"Title"},{"category":"description","text":"Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2009-0788","url":"https://www.suse.com/security/cve/CVE-2009-0788"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 685078 for CVE-2009-0788","url":"https://bugzilla.suse.com/685078"}],"title":"SUSE CVE CVE-2009-0788","tracking":{"current_release_date":"2025-08-19T00:04:42Z","generator":{"date":"2023-02-15T06:04:54Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2009-0788","initial_release_date":"2023-02-15T06:04:54Z","revision_history":[{"date":"2023-02-15T06:04:54Z","number":"2","summary":"Current version"},{"date":"2024-07-26T06:44:47Z","number":"3","summary":"Current version"},{"date":"2025-03-16T14:54:37Z","number":"4","summary":"Current version"},{"date":"2025-06-26T05:56:01Z","number":"5","summary":"Current version"},{"date":"2025-08-19T00:04:42Z","number":"6","summary":"Current version"}],"status":"interim","version":"6"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Manager Proxy Module 4.3","product":{"name":"SUSE Manager Proxy Module 4.3","product_id":"SUSE Manager Proxy Module 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-suse-manager-proxy:4.3"}}},{"category":"product_name","name":"SUSE Manager Server Module 4.3","product":{"name":"SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-suse-manager-server:4.3"}}},{"category":"product_version","name":"spacewalk-backend","product":{"name":"spacewalk-backend","product_id":"spacewalk-backend","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-app","product":{"name":"spacewalk-backend-app","product_id":"spacewalk-backend-app","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-app@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-applet","product":{"name":"spacewalk-backend-applet","product_id":"spacewalk-backend-applet","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-applet@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-config-files","product":{"name":"spacewalk-backend-config-files","product_id":"spacewalk-backend-config-files","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-config-files@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-config-files-common","product":{"name":"spacewalk-backend-config-files-common","product_id":"spacewalk-backend-config-files-common","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-config-files-common@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-config-files-tool","product":{"name":"spacewalk-backend-config-files-tool","product_id":"spacewalk-backend-config-files-tool","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-config-files-tool@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-iss","product":{"name":"spacewalk-backend-iss","product_id":"spacewalk-backend-iss","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-iss@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-iss-export","product":{"name":"spacewalk-backend-iss-export","product_id":"spacewalk-backend-iss-export","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-iss-export@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-package-push-server","product":{"name":"spacewalk-backend-package-push-server","product_id":"spacewalk-backend-package-push-server","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-package-push-server@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-server","product":{"name":"spacewalk-backend-server","product_id":"spacewalk-backend-server","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-server@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-sql","product":{"name":"spacewalk-backend-sql","product_id":"spacewalk-backend-sql","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-sql@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-sql-postgresql","product":{"name":"spacewalk-backend-sql-postgresql","product_id":"spacewalk-backend-sql-postgresql","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-sql-postgresql@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-tools","product":{"name":"spacewalk-backend-tools","product_id":"spacewalk-backend-tools","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-tools@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-xml-export-libs","product":{"name":"spacewalk-backend-xml-export-libs","product_id":"spacewalk-backend-xml-export-libs","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-xml-export-libs@?upstream=spacewalk-backend.src.rpm"}}},{"category":"product_version","name":"spacewalk-backend-xmlrpc","product":{"name":"spacewalk-backend-xmlrpc","product_id":"spacewalk-backend-xmlrpc","product_identification_helper":{"purl":"pkg:rpm/suse/spacewalk-backend-xmlrpc@?upstream=spacewalk-backend.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend as component of SUSE Manager Proxy Module 4.3","product_id":"SUSE Manager Proxy Module 4.3:spacewalk-backend"},"product_reference":"spacewalk-backend","relates_to_product_reference":"SUSE Manager Proxy Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend"},"product_reference":"spacewalk-backend","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-app as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-app"},"product_reference":"spacewalk-backend-app","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-applet as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-applet"},"product_reference":"spacewalk-backend-applet","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-config-files as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-config-files"},"product_reference":"spacewalk-backend-config-files","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-config-files-common as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common"},"product_reference":"spacewalk-backend-config-files-common","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-config-files-tool as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool"},"product_reference":"spacewalk-backend-config-files-tool","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-iss as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-iss"},"product_reference":"spacewalk-backend-iss","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-iss-export as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-iss-export"},"product_reference":"spacewalk-backend-iss-export","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-package-push-server as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server"},"product_reference":"spacewalk-backend-package-push-server","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-server as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-server"},"product_reference":"spacewalk-backend-server","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-sql as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-sql"},"product_reference":"spacewalk-backend-sql","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-sql-postgresql as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql"},"product_reference":"spacewalk-backend-sql-postgresql","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-tools as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-tools"},"product_reference":"spacewalk-backend-tools","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-xml-export-libs as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs"},"product_reference":"spacewalk-backend-xml-export-libs","relates_to_product_reference":"SUSE Manager Server Module 4.3"},{"category":"default_component_of","full_product_name":{"name":"spacewalk-backend-xmlrpc as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc"},"product_reference":"spacewalk-backend-xmlrpc","relates_to_product_reference":"SUSE Manager Server Module 4.3"}]},"vulnerabilities":[{"cve":"CVE-2009-0788","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2009-0788"}],"notes":[{"category":"general","text":"Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Manager Proxy Module 4.3:spacewalk-backend","SUSE Manager Server Module 4.3:spacewalk-backend","SUSE Manager Server Module 4.3:spacewalk-backend-app","SUSE Manager Server Module 4.3:spacewalk-backend-applet","SUSE Manager Server Module 4.3:spacewalk-backend-config-files","SUSE Manager Server Module 4.3:spacewalk-backend-config-files-common","SUSE Manager Server Module 4.3:spacewalk-backend-config-files-tool","SUSE Manager Server Module 4.3:spacewalk-backend-iss","SUSE Manager Server Module 4.3:spacewalk-backend-iss-export","SUSE Manager Server Module 4.3:spacewalk-backend-package-push-server","SUSE Manager Server Module 4.3:spacewalk-backend-server","SUSE Manager Server Module 4.3:spacewalk-backend-sql","SUSE Manager Server Module 4.3:spacewalk-backend-sql-postgresql","SUSE Manager Server Module 4.3:spacewalk-backend-tools","SUSE Manager Server Module 4.3:spacewalk-backend-xml-export-libs","SUSE Manager Server Module 4.3:spacewalk-backend-xmlrpc"]},"references":[{"category":"external","summary":"CVE-2009-0788","url":"https://www.suse.com/security/cve/CVE-2009-0788"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 685078 for CVE-2009-0788","url":"https://bugzilla.suse.com/685078"}],"threats":[{"category":"impact","date":"2013-06-28T01:42:28Z","details":"important"}],"title":"CVE-2009-0788"}]}