Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7347

Overview

Vulnerability Score 3.7 3.7
CVE Id CVE-2013-7347
Last Modified 31 Mar 2014 02:23:45
Published 31 Mar 2014 10:58:45
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2013-7347

Summary

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie.

Vulnerable Systems

Operating System

  • Redhat Enterprise Linux 5

Application

  • Redhat Conga


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=607179

REDHAT - RHSA-2013:0128


Last Updated: 27 May 2016 11:04:48