Vulnerability CVE-2012-3459
Published: 2012-09-28

Description:
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor.

Type:

CWE-264

 (Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:M/Au:S/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.9/10
4.9/10
6.8/10
Exploit range
Attack complexity
Authentication
Remote
Medium
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None
Affected software
Trevor mckay -> Cumin 
Redhat -> Enterprise mrg 

 References:
http://www.securityfocus.com/bid/55632
http://secunia.com/advisories/50666
http://secunia.com/advisories/50660
http://rhn.redhat.com/errata/RHSA-2012-1281.html
http://rhn.redhat.com/errata/RHSA-2012-1278.html
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=846501
Copyright 2024, cxsecurity.com

 

Back to Top