CVE-2012-2734
The MITRE CVE dictionary describes this issue as:
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
Find out more about CVE-2012-2734 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| MRG Grid for RHEL 5 Server v.2 (cumin) | RHSA-2012:1278 | 2012-09-19 |
| Red Hat MRG Grid for RHEL 6 Server v.2 (cumin) | RHSA-2012:1281 | 2012-09-19 |
| Red Hat MRG Grid Execute Node for RHEL 6 ComputeNode v.2 | RHSA-2012:1281 | 2012-09-19 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise MRG 1 | cumin | Will not fix |
Acknowledgements
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.CVE description copyright © 2017, The MITRE Corporation