CVE-2010-3852
First published: Mon Aug 23 2010(Updated: )
A security flaw was found in the way Luci administration application processed ticket cookies. A remote attacker, with certain knowledge of running Luci instance environment details could use this flaw to bypass standard Luci authentication mechanism (access resources which should be otherwise protected by authentication).
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Luci | <=0.22.4 | |
| Redhat Conga |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/44611
- http://secunia.com/advisories/42113
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050244.html
- http://secunia.com/advisories/42123
- http://www.vupen.com/english/advisories/2010/2873
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050246.html
- https://bugzilla.redhat.com/show_bug.cgi?id=626504
- http://osvdb.org/69015
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050309.html
- http://www.vupen.com/english/advisories/2010/2900
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62980
- http://git.fedorahosted.org/git/?p=luci.git%3Ba=commit%3Bh=9e0bbf0c5faa198379d945474f7d55da5031cacf
- https://access.redhat.com/security/cve/CVE-2010-3852
- http://wiki.pylonshq.com/display/pylonscookbook/Authentication+and+Authorization+with+`repoze.who
- https://addons.mozilla.org/en-US/firefox/addon/4510/
- http://groups.google.com/group/turbogears-announce/browse_thread/thread/daf8db234df8105b
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=645404
- http://git.fedorahosted.org/git?p=luci.git;a=commit;h=9e0bbf0c5faa198379d945474f7d55da5031cacf
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-3852
- vendor/redhat
- canonical/redhat luci
- version/redhat luci/0.22.4
- canonical/redhat conga