Cumin is vulnerable to session fixation. An authenticated remote attacker can use a crafted session cookie to steal a victim's session after the victim logs into Cumin.
bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151
rhn.redhat.com/errata/RHSA-2012-1278.html
rhn.redhat.com/errata/RHSA-2012-1281.html
secunia.com/advisories/50660
www.securityfocus.com/bid/55618
access.redhat.com/errata/RHSA-2012:1278
access.redhat.com/errata/RHSA-2012:1281
access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/sec-Red_Hat_Enterprise_Linux_6.html#RHSA-2012-1281
access.redhat.com/security/cve/CVE-2012-2735
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=832151
exchange.xforce.ibmcloud.com/vulnerabilities/78776