fkie_nvd - fkie_cve-2012-3459

fkie_cve-2012-3459

Vulnerability from fkie_nvd

Published

2012-09-28 17:55

Modified

2024-11-21 01:40

Severity ?

Summary

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.

References

URL	Tags
secalert@redhat.com	http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-1278.html	Vendor Advisory
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-1281.html	Vendor Advisory
secalert@redhat.com	http://secunia.com/advisories/50660
secalert@redhat.com	http://secunia.com/advisories/50666	Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/55632
af854a3a-2127-422b-91ae-364da2661108	http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-1278.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-1281.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50660
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50666	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/55632

Impacted products

Vendor	Product	Version
trevor_mckay	cumin	*
trevor_mckay	cumin	0.1.3160-1
trevor_mckay	cumin	0.1.4369-1
trevor_mckay	cumin	0.1.4410-2
trevor_mckay	cumin	0.1.4494-1
trevor_mckay	cumin	0.1.4794-1
trevor_mckay	cumin	0.1.4916-1
trevor_mckay	cumin	0.1.5033-1
trevor_mckay	cumin	0.1.5037-1
trevor_mckay	cumin	0.1.5054-1
trevor_mckay	cumin	0.1.5068-1
trevor_mckay	cumin	0.1.5092-1
trevor_mckay	cumin	0.1.5098-2
trevor_mckay	cumin	0.1.5105-1
trevor_mckay	cumin	0.1.5137-1
trevor_mckay	cumin	0.1.5137-2
trevor_mckay	cumin	0.1.5137-3
trevor_mckay	cumin	0.1.5137-4
trevor_mckay	cumin	0.1.5137-5
trevor_mckay	cumin	0.1.5192-1
redhat	enterprise_mrg	2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB8CE3E6-C78F-4363-B731-A7981046EE5B",
              "versionEndIncluding": "0.1.5192-4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B33C6617-24FB-4C96-A786-D26B074B0569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6CF3F68-713E-48E8-8D37-4AE443AF87FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BDF4FB8-5ECF-4A2F-8066-8C362574B55F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ADC326A-3CE8-4710-870B-BF540CCB4A5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFB4776E-178C-4488-9C98-98859576E343",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B6E427-B880-48EB-8139-2F54381539BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EABF881-94BA-4E76-8EDB-29A4DB7F68B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "476B4482-38CB-46FB-B05D-CBBCDA87B739",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F49E39C4-D9D4-44D0-9F24-2DB3EB1E4457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75A69413-E0B0-4528-8C42-898866BD3B9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B69A8C-A652-4CBB-80B1-171630C7420E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E7AFB1-7864-47D4-AD75-9B9950BE7BBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C553FD-1ED7-436A-B4A7-309C79CB7793",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CBBA885-F992-464D-9DF4-047F824FC02B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D313A509-35AE-4EA3-9EDC-20CA98293D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B84531E0-D82D-43AE-A708-B12C34984B70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9106FF80-627C-40E1-80E1-E574EB9A6B8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F46220E7-B924-49D4-B866-3EA6B52F4D45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CACA1231-8272-40A9-B7B3-0141E0F1D7A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor."
    },
    {
      "lang": "es",
      "value": "Cumin, antes de v0.1.5444, tal y como se usa en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0 permite a usuarios remotos autenticados modificar los atributos Condor y posiblemente obtener privilegios adicionales a trav\u00e9s de par\u00e1metros modificados en una solicitud HTTP POST, lo que provoca una petici\u00f3n de cambio de atributo de un trabajo (job) de Condor."
    }
  ],
  "id": "CVE-2012-3459",
  "lastModified": "2024-11-21T01:40:55.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-28T17:55:01.147",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/50660"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50666"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/55632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/50660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/50666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/55632"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2012-3459

Vulnerability from cvelistv5

Published

2012-09-28 17:00

Modified

2024-08-06 20:05