CVE-2012-2144 — Session Fixation in Horizon

CWE-384 — Session Fixation10 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

2.9%

top 13.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Horizon

Timeline

PublishedJun 5

Latest updateMay 17

Description

Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDopenstack/horizon2012.1, folsom-1+1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

OpenStack Horizon Session Fixation↗2022-05-17

▶

OSV

OpenStack Horizon Session Fixation↗2022-05-17

▶

CVEList

CVE-2012-2144: Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012↗2012-06-05

▶

OSV

CVE-2012-2144: Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012↗2012-06-05

▶

📋Vendor Advisories

Ubuntu

Horizon vulnerabilities↗2012-05-07

▶

Debian

CVE-2012-2144: horizon - Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 201...↗2012

▶

💬Community

Bugzilla

CVE-2012-2144 python-django-horizon: Horizon session fixation and reuse [epel-6]↗2012-05-03

▶

Bugzilla

CVE-2012-2144 python-django-horizon: Horizon session fixation and reuse [fedora-17]↗2012-05-03

▶

Bugzilla

CVE-2012-2144 python-django-horizon: Horizon session fixation and reuse↗2012-04-27

▶