CVE-2013-6496

Опубликовано: 16 сент. 2014

Источник: redhat

CVSS2: 5

Описание

Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.

Multiple information leak flaws were found in the way conga processed luci site extension-related URL requests. A remote, unauthenticated attacker could issue a specially crafted HTTP request that, when processed, would result in unauthorized information disclosure.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	conga	Affected
Red Hat Enterprise Linux 6	luci	Not affected
Red Hat Enterprise Linux 5	conga	Fixed	RHSA-2014:1194	16.09.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-306->CWE-862->CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=971541conga: Multiple information leak flaws in various luci site extensions

5 Medium

CVSS2

Связанные уязвимости

CVE-2013-6496

nvd

почти 11 лет назад

Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.

GHSA-qg9g-f276-3vp4

github

больше 3 лет назад

Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.

ELSA-2014-1194

oracle-oval

почти 11 лет назад

ELSA-2014-1194: conga security and bug fix update (MODERATE)

5 Medium

CVSS2