ID CVE-2012-2735
Summary Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
References
Vulnerable Configurations
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*
  • cpe:2.3:a:trevor_mckay:cumin:0.1.5192-4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 13-02-2023 - 04:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: SINGLE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2012:1278
  • rhsa
    id RHSA-2012:1281
rpms
  • condor-0:7.6.5-0.22.el5
  • condor-aviary-0:7.6.5-0.22.el5
  • condor-classads-0:7.6.5-0.22.el5
  • condor-debuginfo-0:7.6.5-0.22.el5
  • condor-kbdd-0:7.6.5-0.22.el5
  • condor-qmf-0:7.6.5-0.22.el5
  • condor-vm-gahp-0:7.6.5-0.22.el5
  • condor-wallaby-base-db-0:1.23-1.el5
  • condor-wallaby-client-0:4.1.3-1.el5
  • condor-wallaby-tools-0:4.1.3-1.el5
  • cumin-0:0.1.5444-3.el5
  • python-wallaby-0:0.12.5-10.el5
  • python-wallabyclient-0:4.1.3-1.el5
  • ruby-wallaby-0:0.12.5-10.el5
  • sesame-0:1.0-4.el5
  • sesame-debuginfo-0:1.0-4.el5
  • wallaby-0:0.12.5-10.el5
  • wallaby-utils-0:0.12.5-10.el5
  • condor-0:7.6.5-0.22.el6
  • condor-aviary-0:7.6.5-0.22.el6
  • condor-classads-0:7.6.5-0.22.el6
  • condor-cluster-resource-agent-0:7.6.5-0.22.el6
  • condor-debuginfo-0:7.6.5-0.22.el6
  • condor-deltacloud-gahp-0:7.6.5-0.22.el6
  • condor-kbdd-0:7.6.5-0.22.el6
  • condor-plumage-0:7.6.5-0.22.el6
  • condor-qmf-0:7.6.5-0.22.el6
  • condor-vm-gahp-0:7.6.5-0.22.el6
  • condor-wallaby-base-db-0:1.23-1.el6
  • condor-wallaby-client-0:4.1.3-1.el6
  • condor-wallaby-tools-0:4.1.3-1.el6
  • cumin-0:0.1.5444-3.el6
  • deltacloud-core-0:0.5.0-10.el6_2
  • deltacloud-core-doc-0:0.5.0-10.el6_2
  • deltacloud-core-rhevm-0:0.5.0-10.el6_2
  • libdeltacloud-0:0.9-1.el6
  • libdeltacloud-debuginfo-0:0.9-1.el6
  • libdeltacloud-devel-0:0.9-1.el6
  • python-wallaby-0:0.12.5-10.el6
  • python-wallabyclient-0:4.1.3-1.el6
  • ruby-hpricot-0:0.8.4-2.el6
  • ruby-json-0:1.4.6-10.el6
  • ruby-nokogiri-0:1.5.0-0.8.beta4.el6
  • ruby-wallaby-0:0.12.5-10.el6
  • rubygem-daemons-0:1.1.4-2.el6
  • rubygem-eventmachine-0:0.12.10-7.el6
  • rubygem-eventmachine-debuginfo-0:0.12.10-7.el6
  • rubygem-fssm-0:0.2.7-1.el6
  • rubygem-haml-0:3.1.2-2.el6
  • rubygem-hpricot-0:0.8.4-2.el6
  • rubygem-hpricot-debuginfo-0:0.8.4-2.el6
  • rubygem-hpricot-doc-0:0.8.4-2.el6
  • rubygem-json-0:1.4.6-10.el6
  • rubygem-json-debuginfo-0:1.4.6-10.el6
  • rubygem-maruku-0:0.6.0-4.el6
  • rubygem-mime-types-0:1.16-4.el6_0
  • rubygem-mime-types-doc-0:1.16-4.el6_0
  • rubygem-mocha-0:0.9.7-4.el6
  • rubygem-net-ssh-0:2.0.23-6.el6_0
  • rubygem-net-ssh-doc-0:2.0.23-6.el6_0
  • rubygem-nokogiri-0:1.5.0-0.8.beta4.el6
  • rubygem-nokogiri-debuginfo-0:1.5.0-0.8.beta4.el6
  • rubygem-nokogiri-doc-0:1.5.0-0.8.beta4.el6
  • rubygem-rack-1:1.3.0-2.el6
  • rubygem-rack-accept-0:0.4.3-6.el6_0
  • rubygem-rack-accept-doc-0:0.4.3-6.el6_0
  • rubygem-rack-test-0:0.6.1-1.el6
  • rubygem-rake-0:0.8.7-2.1.el6
  • rubygem-rest-client-0:1.6.1-2.el6_0
  • rubygem-sass-0:3.1.4-4.el6
  • rubygem-sass-doc-0:3.1.4-4.el6
  • rubygem-sinatra-1:1.2.6-2.el6
  • rubygem-syntax-0:1.0.0-4.el6
  • rubygem-thin-0:1.2.11-3.el6
  • rubygem-thin-debuginfo-0:1.2.11-3.el6
  • rubygem-thin-doc-0:1.2.11-3.el6
  • rubygem-tilt-0:1.3.2-3.el6
  • rubygem-tilt-doc-0:1.3.2-3.el6
  • rubygem-yard-0:0.7.2-1.el6
  • rubygems-0:1.8.16-1.el6
  • sesame-0:1.0-6.el6
  • sesame-debuginfo-0:1.0-6.el6
  • wallaby-0:0.12.5-10.el6
  • wallaby-utils-0:0.12.5-10.el6
refmap via4
bid 55618
misc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151
secunia 50660
xf cumin-redhat-session-hijacking(78776)
Last major update 13-02-2023 - 04:33
Published 28-09-2012 - 17:55
Last modified 13-02-2023 - 04:33