exploitDog

CVE-2013-7347

Опубликовано: 31 мар. 2014

Источник: nvd

CVSS2: 3.7

EPSS Низкий

Описание

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie.

Ссылки

http://rhn.redhat.com/errata/RHSA-2013-0128.html
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=607179
http://rhn.redhat.com/errata/RHSA-2013-0128.html
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=607179

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:conga:*:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00142

Низкий

3.7 Low

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2013-7347

redhat

около 13 лет назад

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie.

GHSA-9fpf-6wcx-rjjm

github

больше 3 лет назад

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie.

EPSS

Процентиль: 35%

0.00142

Низкий

3.7 Low

CVSS2

Дефекты

CWE-264