Vulnerability Name: CVE-2012-3359 (CCN-103018)
Assigned: 2012-06-14
Published: 2013-01-07
Updated: 2023-02-13
Summary: Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. Note: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 3.7 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
2.7 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
2.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Consequences: Obtain Information
References:
Source: MITRE Type: CNA CVE-2012-3359
Source: CCN Type: RHSA-2013-0128 Low: conga security, bug fix, and enhancement update
Source: secalert@redhat.com Type: Vendor Advisory secalert@redhat.com
Source: CCN Type: Conga Web site Conga luci
Source: CCN Type: BID-57322 Conga luci Multiple Local Information Disclosure Vulnerabilities
Source: CCN Type: Red Hat Bugzilla Bug 607179 CVE-2012-3359 conga: insecure handling of luci web interface sessions
Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com
Source: XF Type: UNKNOWN conga-cve20123359-info-disc(103018)
Source: CCN Type: WhiteSource Vulnerability Database CVE-2012-3359
Vulnerable Configuration: Configuration RedHat 1: Denotes that component is vulnerable