Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Mrg
Trevor Mckay
  • Cumin

Configuration 1 [-]

OR cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*
cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
MRG for RHEL-5 v. 2
condor-0:7.6.5-0.22.el5 cpe:/a:redhat:enterprise_mrg:2::el5 RHSA-2012:1278 2012-09-19T00:00:00Z
condor-wallaby-0:4.1.3-1.el5 cpe:/a:redhat:enterprise_mrg:2::el5 RHSA-2012:1278 2012-09-19T00:00:00Z
condor-wallaby-base-db-0:1.23-1.el5 cpe:/a:redhat:enterprise_mrg:2::el5 RHSA-2012:1278 2012-09-19T00:00:00Z
cumin-0:0.1.5444-3.el5 cpe:/a:redhat:enterprise_mrg:2::el5 RHSA-2012:1278 2012-09-19T00:00:00Z
sesame-0:1.0-4.el5 cpe:/a:redhat:enterprise_mrg:2::el5 RHSA-2012:1278 2012-09-19T00:00:00Z
wallaby-0:0.12.5-10.el5 cpe:/a:redhat:enterprise_mrg:2::el5 RHSA-2012:1278 2012-09-19T00:00:00Z
Red Hat Enterprise MRG 2
condor-0:7.6.5-0.22.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
condor-wallaby-0:4.1.3-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
condor-wallaby-base-db-0:1.23-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
cumin-0:0.1.5444-3.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
deltacloud-core-0:0.5.0-10.el6_2 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
libdeltacloud-0:0.9-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-daemons-0:1.1.4-2.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-eventmachine-0:0.12.10-7.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-fssm-0:0.2.7-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-haml-0:3.1.2-2.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-hpricot-0:0.8.4-2.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-json-0:1.4.6-10.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-maruku-0:0.6.0-4.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-mime-types-0:1.16-4.el6_0 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-mocha-0:0.9.7-4.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-net-ssh-0:2.0.23-6.el6_0 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-nokogiri-0:1.5.0-0.8.beta4.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-rack-1:1.3.0-2.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-rack-accept-0:0.4.3-6.el6_0 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-rack-test-0:0.6.1-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-rake-0:0.8.7-2.1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-rest-client-0:1.6.1-2.el6_0 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygems-0:1.8.16-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-sass-0:3.1.4-4.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-sinatra-1:1.2.6-2.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-syntax-0:1.0.0-4.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-thin-0:1.2.11-3.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-tilt-0:1.3.2-3.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
rubygem-yard-0:0.7.2-1.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
sesame-0:1.0-6.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
wallaby-0:0.12.5-10.el6 cpe:/a:redhat:enterprise_mrg:2:server:el6 RHSA-2012:1281 2012-09-19T00:00:00Z
References
Link Providers
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-1278.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-1281.html cve-icon cve-icon
http://secunia.com/advisories/50660 cve-icon cve-icon
http://www.securityfocus.com/bid/55618 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/78776 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2012-2735 cve-icon
https://www.cve.org/CVERecord?id=CVE-2012-2735 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-09-28T17:00:00

Updated: 2024-08-06T19:42:32.499Z

Reserved: 2012-05-14T00:00:00

Link: CVE-2012-2735

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-09-28T17:55:01.070

Modified: 2023-02-13T04:33:46.743

Link: CVE-2012-2735

cve-icon Redhat

Severity : Moderate

Publid Date: 2012-09-19T00:00:00Z

Links: CVE-2012-2735 - Bugzilla