CVE-2012-2735

2012-09-28T17:55:00
ID CVE-2012-2735
Type cve
Reporter cve@mitre.org
Modified 2017-08-29T01:31:00

Description

Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.

Per: http://rhn.redhat.com/errata/RHSA-2012-1278.html

"An authenticated user able to pre-set the Cumin session cookie in a victim's browser could possibly use this flaw to steal the victim's session after they log into Cumin."

Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'