Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2012-2770
Last Modified 16 Aug 2012 12:00:00
Published 15 Aug 2012 05:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2770

Summary

The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."

Vulnerable Systems

Application

  • Mike Peachey Authen::ExternalAuth 0.05

  • Mike Peachey Authen::ExternalAuth 0.08


References

XF - authenexternalauth-url-sec-bypass(77213)

BID - 54681

SECUNIA - 50060

MLIST - [rt-announce] 20120725 Security vulnerabilities in three commonly deployed RT extensions


Last Updated: 27 May 2016 10:51:42