Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for beaker by python

    CVE-2012-3458 (GCVE-0-2012-3458)

    Vulnerability from nvd – Published: 2012-09-15 17:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/bbangert/beaker/commit/91becae… x_refsource_CONFIRM
    http://secunia.com/advisories/50226 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/50520 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/0… mailing-listx_refsource_MLIST
    http://www.debian.org/security/2012/dsa-2541 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.redhat.com/show_bug.cgi?id=809267 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.551Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5"
              },
              {
                "name": "50226",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50226"
              },
              {
                "name": "50520",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50520"
              },
              {
                "name": "[oss-security] 20120813 ANN: Beaker 1.6.4 released with important security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/13/10"
              },
              {
                "name": "DSA-2541",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=809267"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-15T17:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5"
            },
            {
              "name": "50226",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50226"
            },
            {
              "name": "50520",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50520"
            },
            {
              "name": "[oss-security] 20120813 ANN: Beaker 1.6.4 released with important security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/13/10"
            },
            {
              "name": "DSA-2541",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=809267"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3458",
        "datePublished": "2012-09-15T17:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3458 (GCVE-0-2012-3458)

    Vulnerability from cvelistv5 – Published: 2012-09-15 17:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/bbangert/beaker/commit/91becae… x_refsource_CONFIRM
    http://secunia.com/advisories/50226 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/50520 third-party-advisoryx_refsource_SECUNIA
    http://www.openwall.com/lists/oss-security/2012/0… mailing-listx_refsource_MLIST
    http://www.debian.org/security/2012/dsa-2541 vendor-advisoryx_refsource_DEBIAN
    https://bugzilla.redhat.com/show_bug.cgi?id=809267 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.551Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5"
              },
              {
                "name": "50226",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50226"
              },
              {
                "name": "50520",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50520"
              },
              {
                "name": "[oss-security] 20120813 ANN: Beaker 1.6.4 released with important security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/13/10"
              },
              {
                "name": "DSA-2541",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2541"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=809267"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-15T17:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5"
            },
            {
              "name": "50226",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50226"
            },
            {
              "name": "50520",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50520"
            },
            {
              "name": "[oss-security] 20120813 ANN: Beaker 1.6.4 released with important security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/13/10"
            },
            {
              "name": "DSA-2541",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2541"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=809267"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3458",
        "datePublished": "2012-09-15T17:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.551Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }