Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.9
CVE Id CVE-2012-2735
Last Modified 24 Nov 2013 11:25:46
Published 28 Sep 2012 01:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2012-2735

Summary

Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.

Vulnerable Systems

Application

  • Red Hat Enterprise MRG 2.0

  • Trevor Mckay Cumin 0.1.3160-1

  • Trevor Mckay Cumin 0.1.4369-1

  • Trevor Mckay Cumin 0.1.4410-2

  • Trevor Mckay Cumin 0.1.4494-1

  • Trevor Mckay Cumin 0.1.4794-1

  • Trevor Mckay Cumin 0.1.4916-1

  • Trevor Mckay Cumin 0.1.5033-1

  • Trevor Mckay Cumin 0.1.5037-1

  • Trevor Mckay Cumin 0.1.5054-1

  • Trevor Mckay Cumin 0.1.5068-1

  • Trevor Mckay Cumin 0.1.5092-1

  • Trevor Mckay Cumin 0.1.5098-2

  • Trevor Mckay Cumin 0.1.5105-1

  • Trevor Mckay Cumin 0.1.5137-1

  • Trevor Mckay Cumin 0.1.5137-2

  • Trevor Mckay Cumin 0.1.5137-3

  • Trevor Mckay Cumin 0.1.5137-4

  • Trevor Mckay Cumin 0.1.5137-5

  • Trevor Mckay Cumin 0.1.5192-1

  • Trevor Mckay Cumin 0.1.5192-4


References

REDHAT - RHSA-2012:1281

REDHAT - RHSA-2012:1278

MISC - http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151

XF - cumin-redhat-session-hijacking(78776)

BID - 55618

SECUNIA - 50660


Last Updated: 27 May 2016 11:00:50