
6 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2012-3359

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by...

CVSS: 3.7, AI score: 5.9, EPSS: 0.00337
Exploits: 0, References: 2
Prion
added 2014/03/31 2:58 p.m., 15 views

Design/Logic Flaw

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user...

CVSS: 3.7, AI score: 7, EPSS: 0.00337
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2014/03/30 12:0 a.m., 73 views

CVE-2012-3359

CVE-2012-3359 concerns Luci in Red Hat Conga storing the user’s username and password in a Base64-encoded string in the __ac session cookie. This encoding is not secure, and access to the cookie can allow an attacker to gain privileges. The issue is explicitly split from CVE-2013-7347, which cove...

CVSS: 3.7, AI score: 6.8, EPSS: 0.00337
Exploits: 0, References: 2, Affected Software: 2
Tenable Nessus
added 2013/01/24 12:0 a.m., 25 views

RHEL 5 : conga (RHSA-2013:0128)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0128 advisory. - conga: insecure handling of luci web interface sessions CVE-2012-3359 Note that Nessus has not tested for this issue but has instead relied only on...

CVSS: 3.7, AI score: 5.5, EPSS: 0.00337
Exploits: 0, References: 10
Tenable Nessus
added 2013/01/17 12:0 a.m., 24 views

CentOS 5 : conga (CESA-2013:0128)

Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives ...

CVSS: 3.7, AI score: 5.6, EPSS: 0.00337
Exploits: 0, References: 4
RedHat Linux
added 2013/01/08 4:31 a.m., 31 views

Low: Red Hat Security Advisory: conga security, bug fix, and enhancement update

Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives ...

CVSS: 3.7, AI score: 5.9, EPSS: 0.00337
Exploits: 0, References: 7