CVE-2010-3852
First published: Mon Aug 23 2010(Updated: )
A security flaw was found in the way Luci administration application processed ticket cookies. A remote attacker, with certain knowledge of running Luci instance environment details could use this flaw to bypass standard Luci authentication mechanism (access resources which should be otherwise protected by authentication).
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Luci | <=0.22.4 | |
| Red Hat Conga |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/44611
- http://secunia.com/advisories/42113
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050244.html
- http://secunia.com/advisories/42123
- http://www.vupen.com/english/advisories/2010/2873
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050246.html
- https://bugzilla.redhat.com/show_bug.cgi?id=626504
- http://osvdb.org/69015
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050309.html
- http://www.vupen.com/english/advisories/2010/2900
- https://exchange.xforce.ibmcloud.com/vulnerabilities/62980
- http://git.fedorahosted.org/git/?p=luci.git%3Ba=commit%3Bh=9e0bbf0c5faa198379d945474f7d55da5031cacf
- https://access.redhat.com/security/cve/CVE-2010-3852
- http://wiki.pylonshq.com/display/pylonscookbook/Authentication+and+Authorization+with+`repoze.who
- https://addons.mozilla.org/en-US/firefox/addon/4510/
- http://groups.google.com/group/turbogears-announce/browse_thread/thread/daf8db234df8105b
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=645404
- http://git.fedorahosted.org/git?p=luci.git;a=commit;h=9e0bbf0c5faa198379d945474f7d55da5031cacf
Frequently Asked Questions
What is the severity of CVE-2010-3852?
CVE-2010-3852 is considered a high severity vulnerability due to its potential to allow unauthorized access to the Luci administration application.
How do I fix CVE-2010-3852?
To fix CVE-2010-3852, users should upgrade the Redhat Luci application to version 0.22.5 or later.
What applications are affected by CVE-2010-3852?
CVE-2010-3852 affects Redhat Luci versions up to and including 0.22.4.
What type of vulnerability is CVE-2010-3852?
CVE-2010-3852 is a remote authentication bypass vulnerability.
Can CVE-2010-3852 be exploited from a remote location?
Yes, a remote attacker with knowledge of the Luci instance can exploit CVE-2010-3852.
- collector/nvd-historical
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-3852
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat luci
- version/red hat luci/0.22.4
- canonical/red hat conga