CVE-2012-6590
published 2013-08-31CVE-2012-6590: The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka…
PriorityP420medium4.3CVSS 2.0
AVNACMAuNCPINAN
EPSS
1.59%
72.7th percentile
The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paloalto | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
| paloaltonetworks | pan-os | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jm74-ggq4-24rh: The web-based management UI in Palo Alto Networks PAN-OS 4
ghsa_unreviewed·2022-05-13
CVE-2012-6590 [MEDIUM] CWE-200 GHSA-jm74-ggq4-24rh: The web-based management UI in Palo Alto Networks PAN-OS 4
The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 allows remote attackers to obtain verbose error information via crafted input, aka Ref ID 33139.
Palo Alto
Verbose Error Messages
vendor_paloalto·2012-04-27·CVSS 4.3
CVE-2012-6590 [MEDIUM] CWE-200 Verbose Error Messages
Verbose Error Messages
Under certain conditions, when unexpected input is provided to the web-based management UI, overly verbose error information is delivered back to the client. This does not directly result in any specific vulnerability, however this information is helpful to an attacker. (Ref #33139)
This issue results in verbose error messages in specific cases, and does not directly result in an exploitable condition or product vulnerability. Overly verbose error messages can be helpful to an attacker looking to collect information on how a system is architected.
This issue affects PAN-OS 4.0.7 and earlier; PAN-OS 3.0.x is not affected.
Affected products: PAN-OS
Solution: PAN-OS 4.0.8 and later.
Workaround: This issue affects the management interface of the device. Security appl
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2013-08-31
Published