CVE-2012-2680
First published: Fri Sep 28 2012(Updated: )
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trevor McKay Cumin | <=0.1.5192-4 | |
| Trevor McKay Cumin | =0.1.3160-1 | |
| Trevor McKay Cumin | =0.1.4369-1 | |
| Trevor McKay Cumin | =0.1.4410-2 | |
| Trevor McKay Cumin | =0.1.4494-1 | |
| Trevor McKay Cumin | =0.1.4794-1 | |
| Trevor McKay Cumin | =0.1.4916-1 | |
| Trevor McKay Cumin | =0.1.5033-1 | |
| Trevor McKay Cumin | =0.1.5037-1 | |
| Trevor McKay Cumin | =0.1.5054-1 | |
| Trevor McKay Cumin | =0.1.5068-1 | |
| Trevor McKay Cumin | =0.1.5092-1 | |
| Trevor McKay Cumin | =0.1.5098-2 | |
| Trevor McKay Cumin | =0.1.5105-1 | |
| Trevor McKay Cumin | =0.1.5137-1 | |
| Trevor McKay Cumin | =0.1.5137-2 | |
| Trevor McKay Cumin | =0.1.5137-3 | |
| Trevor McKay Cumin | =0.1.5137-4 | |
| Trevor McKay Cumin | =0.1.5137-5 | |
| Trevor McKay Cumin | =0.1.5192-1 | |
| Red Hat Enterprise MRG | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-2680?
CVE-2012-2680 has a medium severity rating due to improper access restrictions allowing sensitive information disclosure.
How do I fix CVE-2012-2680?
To fix CVE-2012-2680, update Cumin to version 0.1.5444 or later, as it addresses the access control issues.
What software is affected by CVE-2012-2680?
CVE-2012-2680 affects Cumin versions prior to 0.1.5444 and is used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0.
What types of attacks are possible with CVE-2012-2680?
CVE-2012-2680 allows remote attackers to potentially access sensitive information through unspecified vectors involving web pages and export functionality.
Is there any workaround for CVE-2012-2680?
There are no specific workarounds documented for CVE-2012-2680; upgrading to the patched version is recommended.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/trevor mckay
- canonical/trevor mckay cumin
- version/trevor mckay cumin/0.1.5192-4
- version/trevor mckay cumin/0.1.3160-1
- version/trevor mckay cumin/0.1.4369-1
- version/trevor mckay cumin/0.1.4410-2
- version/trevor mckay cumin/0.1.4494-1
- version/trevor mckay cumin/0.1.4794-1
- version/trevor mckay cumin/0.1.4916-1
- version/trevor mckay cumin/0.1.5033-1
- version/trevor mckay cumin/0.1.5037-1
- version/trevor mckay cumin/0.1.5054-1
- version/trevor mckay cumin/0.1.5068-1
- version/trevor mckay cumin/0.1.5092-1
- version/trevor mckay cumin/0.1.5098-2
- version/trevor mckay cumin/0.1.5105-1
- version/trevor mckay cumin/0.1.5137-1
- version/trevor mckay cumin/0.1.5137-2
- version/trevor mckay cumin/0.1.5137-3
- version/trevor mckay cumin/0.1.5137-4
- version/trevor mckay cumin/0.1.5137-5
- version/trevor mckay cumin/0.1.5192-1
- vendor/redhat
- canonical/redhat enterprise mrg
- version/redhat enterprise mrg/2.0