ID CVE-2012-3359
Summary Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:conga:*:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
CVSS
Base: 3.7 (as of 31-03-2014 - 18:12)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
  Vector: LOCAL
  Complexity: HIGH
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:L/AC:H/Au:N/C:P/I:P/A:P
redhat via4
advisories
bugzilla
id 839732
title Conga Add a Service Screen is Missing Option for Restart-Disable Recovery Policy
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment luci is earlier than 0:0.12.2-64.el5
          oval oval:com.redhat.rhsa:tst:20130128001
        • comment luci is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20070331002
      • AND
        • comment ricci is earlier than 0:0.12.2-64.el5
          oval oval:com.redhat.rhsa:tst:20130128003
        • comment ricci is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhba:tst:20070331004
rhsa
id RHSA-2013:0128
released 2013-01-08
severity Low
title RHSA-2013:0128: conga security, bug fix, and enhancement update (Low)
rpms
  • conga-debuginfo-0:0.12.2-64.el5
  • luci-0:0.12.2-64.el5
  • ricci-0:0.12.2-64.el5
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=607179
Last major update 31-03-2014 - 18:12
Published 31-03-2014 - 14:58
Last modified 31-03-2014 - 18:12