CVE-2012-6137

CWE-2556 documents5 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 59.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Redhat Enterprise LinuxRedhat Enterprise Linux DesktopRedhat Enterprise Linux EUS+6 more
Timeline
PublishedMay 21
Latest updateMay 17

Description

rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages5 packages

Also affects: Enterprise Linux 5, 5.9.z, 6.4, 6.4.z

🔴Vulnerability Details

2
GHSA
GHSA-qw78-gpjg-cm27: rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X2022-05-17
CVEList
CVE-2012-6137: rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X2013-05-21

📋Vendor Advisories

1
Red Hat
subscription-manager: rhn-migrate-classic-to-rhsm missing SSL certificate verification2013-05-06

💬Community

2
Bugzilla
CVE-2012-6137 subscription-manager: rhn-migrate-classic-to-rhsm missing SSL certificate verification [fedora-all]2013-05-06
Bugzilla
CVE-2012-6137 subscription-manager: rhn-migrate-classic-to-rhsm missing SSL certificate verification2012-12-07