CVE-2012-2735Session Fixation in Mckay Cumin

CWE-384Session Fixation6 documents5 sources
Severity
4.9MEDIUMNVD
EPSS
0.4%
top 39.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trevor Mckay CuminRedhat Enterprise MRG
Timeline
PublishedSep 28
Latest updateMay 13

Description

Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 6.8 | Impact: 4.9

Affected Packages2 packages

NVDtrevor_mckay/cumin0.1.5192-4+19

🔴Vulnerability Details

2
GHSA
GHSA-v52c-pgx4-3c8m: Session fixation vulnerability in Cumin before 02022-05-13
CVEList
CVE-2012-2735: Session fixation vulnerability in Cumin before 02012-09-28

📋Vendor Advisories

1
Red Hat
cumin: session fixation flaw2012-09-19

💬Community

2
Bugzilla
CVE-2012-2680 CVE-2012-2681 CVE-2012-2683 CVE-2012-2684 CVE-2012-2685 CVE-2012-2734 CVE-2012-2735 CVE-2012-3459 cumin various flaws [fedora-all]2012-09-19
Bugzilla
CVE-2012-2735 cumin: session fixation flaw2012-06-14
CVE-2012-2735 — Session Fixation in Trevor Mckay Cumin | cvebase