CVE-2012-2144 - Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote at

CVE-2012-2144

Summary

Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.

References

Vulnerable Configurations

cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	53399
confirm	https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab
fedora	FEDORA-2012-7369
misc	https://bugs.launchpad.net/horizon/+bug/978896
mlist	[oss-security] 20120505 [OSSA 2012-006] Horizon session fixation and reuse
osvdb	81741
secunia	49024 49071
ubuntu	USN-1439-1
xf	openstack-dashboard-session-hijacking(75423)

Last major update

29-08-2017 - 01:31

Published

05-06-2012 - 22:55

Last modified

29-08-2017 - 01:31