Lucene search

[email protected]CVE-2013-7347

HistoryMar 31, 2014 - 2:58 p.m.

CVE-2013-7347

2014-03-3114:58:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-7347

luci

red hat conga

session timeout

security vulnerability

6.7 Medium

AI Score

Confidence

Low

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.1%

JSON

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie.

CPENameOperatorVersion
redhat:congaredhat congaeq*
redhat:enterprise_linuxredhat enterprise linuxeq5

CPE	Name	Operator	Version
redhat:conga	redhat conga	eq	*
redhat:enterprise_linux	redhat enterprise linux	eq	5

References

rhn.redhat.com/errata/RHSA-2013-0128.html

bugzilla.redhat.com/show_bug.cgi?id=607179

6.7 Medium

AI Score

Confidence

Low

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

12.1%

JSON

Related for CVE-2013-7347

cvelist2 nessus4 prion2 cve1 openvas3 oraclelinux1 centos1 redhat1 veracode1