Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-3458
Last Modified 17 Sep 2012 01:43:18
Published 15 Sep 2012 01:55:07
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3458

Summary

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.

Vulnerable Systems

Application

  • Python Beaker 1.6.4


References

CONFIRM - https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=809267

MLIST - [oss-security] 20120813 ANN: Beaker 1.6.4 released with important security update

DEBIAN - DSA-2541

SECUNIA - 50520

SECUNIA - 50226


Last Updated: 27 May 2016 11:00:42