ID CVE-2012-2144
Summary Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
References
Vulnerable Configurations
  • cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*
    cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 29-08-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 53399
confirm https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab
fedora FEDORA-2012-7369
misc https://bugs.launchpad.net/horizon/+bug/978896
mlist [oss-security] 20120505 [OSSA 2012-006] Horizon session fixation and reuse
osvdb 81741
secunia
  • 49024
  • 49071
ubuntu USN-1439-1
xf openstack-dashboard-session-hijacking(75423)
Last major update 29-08-2017 - 01:31
Published 05-06-2012 - 22:55
Last modified 29-08-2017 - 01:31
Back to Top