CVE-2012-2734: CSRF
First published: Fri Sep 28 2012(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trevor McKay Cumin | <=0.1.5192-4 | |
| Trevor McKay Cumin | =0.1.3160-1 | |
| Trevor McKay Cumin | =0.1.4369-1 | |
| Trevor McKay Cumin | =0.1.4410-2 | |
| Trevor McKay Cumin | =0.1.4494-1 | |
| Trevor McKay Cumin | =0.1.4794-1 | |
| Trevor McKay Cumin | =0.1.4916-1 | |
| Trevor McKay Cumin | =0.1.5033-1 | |
| Trevor McKay Cumin | =0.1.5037-1 | |
| Trevor McKay Cumin | =0.1.5054-1 | |
| Trevor McKay Cumin | =0.1.5068-1 | |
| Trevor McKay Cumin | =0.1.5092-1 | |
| Trevor McKay Cumin | =0.1.5098-2 | |
| Trevor McKay Cumin | =0.1.5105-1 | |
| Trevor McKay Cumin | =0.1.5137-1 | |
| Trevor McKay Cumin | =0.1.5137-2 | |
| Trevor McKay Cumin | =0.1.5137-3 | |
| Trevor McKay Cumin | =0.1.5137-4 | |
| Trevor McKay Cumin | =0.1.5137-5 | |
| Trevor McKay Cumin | =0.1.5192-1 | |
| Red Hat Enterprise MRG | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-2734?
CVE-2012-2734 is classified as a high-severity vulnerability due to the potential for remote attackers to hijack user sessions.
How do I fix CVE-2012-2734?
To fix CVE-2012-2734, upgrade to the latest version of Cumin that addresses the CSRF vulnerabilities.
What software is affected by CVE-2012-2734?
CVE-2012-2734 affects multiple versions of Cumin prior to 0.1.5444, particularly those used in Red Hat Enterprise Messaging and other related products.
How can CVE-2012-2734 be exploited?
CVE-2012-2734 can be exploited through Cross-Site Request Forgery (CSRF), allowing attackers to carry out unauthorized requests on behalf of authenticated users.
What are the potential impacts of CVE-2012-2734?
The potential impacts of CVE-2012-2734 include unauthorized command execution and compromised user authentication.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/trevor mckay
- canonical/trevor mckay cumin
- version/trevor mckay cumin/0.1.5192-4
- version/trevor mckay cumin/0.1.3160-1
- version/trevor mckay cumin/0.1.4369-1
- version/trevor mckay cumin/0.1.4410-2
- version/trevor mckay cumin/0.1.4494-1
- version/trevor mckay cumin/0.1.4794-1
- version/trevor mckay cumin/0.1.4916-1
- version/trevor mckay cumin/0.1.5033-1
- version/trevor mckay cumin/0.1.5037-1
- version/trevor mckay cumin/0.1.5054-1
- version/trevor mckay cumin/0.1.5068-1
- version/trevor mckay cumin/0.1.5092-1
- version/trevor mckay cumin/0.1.5098-2
- version/trevor mckay cumin/0.1.5105-1
- version/trevor mckay cumin/0.1.5137-1
- version/trevor mckay cumin/0.1.5137-2
- version/trevor mckay cumin/0.1.5137-3
- version/trevor mckay cumin/0.1.5137-4
- version/trevor mckay cumin/0.1.5137-5
- version/trevor mckay cumin/0.1.5192-1
- vendor/redhat
- canonical/redhat enterprise mrg
- version/redhat enterprise mrg/2.0