CVE-2012-2735

Severity: 49%

Complexity: 68%

Confidentiality: 81%

Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'

Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.

Per: http://rhn.redhat.com/errata/RHSA-2012-1278.html "An authenticated user able to pre-set the Cumin session cookie in a victim's browser could possibly use this flaw to steal the victim's session after they log into Cumin."

CVSS 2.0 Base Score 4.9. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:N).

Overview

First reported 12 years ago: 2012-09-28 17:55:00

Last updated 7 years ago: 2017-08-29 01:31:00

Affected Software

RedHat Enterprise MRG 2.0

Trevor McKay Cumin 0.1.3160-1

Trevor McKay Cumin 0.1.4369-1

Trevor McKay Cumin 0.1.4410-2

Trevor McKay Cumin 0.1.4494-1

Trevor McKay Cumin 0.1.4794-1

Trevor McKay Cumin 0.1.4916-1

Trevor McKay Cumin 0.1.5033-1

Trevor McKay Cumin 0.1.5037-1

Trevor McKay Cumin 0.1.5054-1

Trevor McKay Cumin 0.1.5068-1

Trevor McKay Cumin 0.1.5092-1

Trevor McKay Cumin 0.1.5098-2

Trevor McKay Cumin 0.1.5105-1

Trevor McKay Cumin 0.1.5137-1

Trevor McKay Cumin 0.1.5137-2

Trevor McKay Cumin 0.1.5137-3

Trevor McKay Cumin 0.1.5137-4

Trevor McKay Cumin 0.1.5137-5

Trevor McKay Cumin 0.1.5192-1
