Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-2734
Last Modified: 24 Nov 2013 11:25:46
Published: 28 Sep 2012 01:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-2734

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.

Vulnerable Systems

Application

  • Red Hat Enterprise MRG 2.0

  • Trevor Mckay Cumin 0.1.3160-1

  • Trevor Mckay Cumin 0.1.4369-1

  • Trevor Mckay Cumin 0.1.4410-2

  • Trevor Mckay Cumin 0.1.4494-1

  • Trevor Mckay Cumin 0.1.4794-1

  • Trevor Mckay Cumin 0.1.4916-1

  • Trevor Mckay Cumin 0.1.5033-1

  • Trevor Mckay Cumin 0.1.5037-1

  • Trevor Mckay Cumin 0.1.5054-1

  • Trevor Mckay Cumin 0.1.5068-1

  • Trevor Mckay Cumin 0.1.5092-1

  • Trevor Mckay Cumin 0.1.5098-2

  • Trevor Mckay Cumin 0.1.5105-1

  • Trevor Mckay Cumin 0.1.5137-1

  • Trevor Mckay Cumin 0.1.5137-2

  • Trevor Mckay Cumin 0.1.5137-3

  • Trevor Mckay Cumin 0.1.5137-4

  • Trevor Mckay Cumin 0.1.5137-5

  • Trevor Mckay Cumin 0.1.5192-1

  • Trevor Mckay Cumin 0.1.5192-4


References

REDHAT - RHSA-2012:1281

REDHAT - RHSA-2012:1278

MISC - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832124

XF - cumin-redhat-csrf(78775)

BID - 55618

SECUNIA - 50660


Last Updated: 27 May 2016 11:00:50