Lucene search

[email protected]NVD:CVE-2012-4406

HistoryOct 22, 2012 - 11:55 p.m.

CVE-2012-4406

2012-10-2223:55:06

CWE-502

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.05

Percentile

92.9%

JSON

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Affected configurations

Nvd

Node

openstackswiftRange<1.7.0

Node

fedoraprojectfedoraMatch16

Node

redhatgluster_storage_management_consoleMatch2.0

redhatgluster_storage_server_for_on-premiseMatch2.0

redhatstorageMatch2.0

redhatstorage_for_public_cloudMatch2.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

VendorProductVersionCPE
openstackswift*cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*
fedoraprojectfedora16cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
redhatgluster_storage_management_console2.0cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*
redhatgluster_storage_server_for_on-premise2.0cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*
redhatstorage2.0cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*
redhatstorage_for_public_cloud2.0cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*
redhatenterprise_linux_server5.0cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
redhatenterprise_linux_server6.0cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openstack	swift	*	cpe:2.3:a:openstack:swift::::::::
fedoraproject	fedora	16	cpe:2.3:o:fedoraproject:fedora:16:::::::*
redhat	gluster_storage_management_console	2.0	cpe:2.3:a:redhat:gluster_storage_management_console:2.0:::::::*
redhat	gluster_storage_server_for_on-premise	2.0	cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:::::::*
redhat	storage	2.0	cpe:2.3:a:redhat:storage:2.0:::::::*
redhat	storage_for_public_cloud	2.0	cpe:2.3:a:redhat:storage_for_public_cloud:2.0:::::::*
redhat	enterprise_linux_server	5.0	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
redhat	enterprise_linux_server	6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*