CVE-2012-4545

2013-01-0301:55:02

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.008

Percentile

81.7%

JSON

The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.

Affected configurations

Nvd

Node

elinkselinksMatch0.12pre1

elinkselinksMatch0.12pre2

elinkselinksMatch0.12pre3

elinkselinksMatch0.12pre4

elinkselinksMatch0.12pre5

VendorProductVersionCPE
elinkselinks0.12cpe:2.3:a:elinks:elinks:0.12:pre1:*:*:*:*:*:*
elinkselinks0.12cpe:2.3:a:elinks:elinks:0.12:pre2:*:*:*:*:*:*
elinkselinks0.12cpe:2.3:a:elinks:elinks:0.12:pre3:*:*:*:*:*:*
elinkselinks0.12cpe:2.3:a:elinks:elinks:0.12:pre4:*:*:*:*:*:*
elinkselinks0.12cpe:2.3:a:elinks:elinks:0.12:pre5:*:*:*:*:*:*

Vendor	Product	Version	CPE
elinks	elinks	0.12	cpe:2.3:a:elinks:elinks:0.12:pre1::::::
elinks	elinks	0.12	cpe:2.3:a:elinks:elinks:0.12:pre2::::::
elinks	elinks	0.12	cpe:2.3:a:elinks:elinks:0.12:pre3::::::
elinks	elinks	0.12	cpe:2.3:a:elinks:elinks:0.12:pre4::::::
elinks	elinks	0.12	cpe:2.3:a:elinks:elinks:0.12:pre5::::::

References

bugzilla.elinks.cz/show_bug.cgi?id=1124

repo.or.cz/w/elinks.git/blobdiff/89056e21fc7ab8e1c2d4e06ec9d0c6d01e70669a..da18694ff7dd0b67dfcb3c417fb0579b1e7d02d7:/src/protocol/http/http_negotiate.c

rhn.redhat.com/errata/RHSA-2013-0250.html

secunia.com/advisories/51569

www.debian.org/security/2012/dsa-2592

www.mandriva.com/security/advisories?name=MDVSA-2013:075

www.securityfocus.com/bid/57065

exchange.xforce.ibmcloud.com/vulnerabilities/80882