What is the severity of CVE-2012-2735?

CVE-2012-2735 is categorized as a medium severity vulnerability that allows session hijacking.

How do I fix CVE-2012-2735?

To mitigate CVE-2012-2735, upgrade to Cumin version 0.1.5444 or later.

What types of attacks are possible with CVE-2012-2735?

CVE-2012-2735 can lead to remote attackers hijacking user sessions through crafted session cookies.

Which applications are affected by CVE-2012-2735?

CVE-2012-2735 affects versions of Cumin prior to 0.1.5444, including certain Red Hat Enterprise Messaging and Grid applications.

Is there any workaround for CVE-2012-2735 until I can upgrade?

There are no known workarounds for CVE-2012-2735; upgrading to a fixed version is the recommended solution.

Vulnerability/
CVE-2012-2735

medium

4.9

28/9/2012

13/2/2023

CVE-2012-2735

First published: Fri Sep 28 2012(Updated: )

Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Trevor McKay Cumin	<=0.1.5192-4
Trevor McKay Cumin	=0.1.3160-1
Trevor McKay Cumin	=0.1.4369-1
Trevor McKay Cumin	=0.1.4410-2
Trevor McKay Cumin	=0.1.4494-1
Trevor McKay Cumin	=0.1.4794-1
Trevor McKay Cumin	=0.1.4916-1
Trevor McKay Cumin	=0.1.5033-1
Trevor McKay Cumin	=0.1.5037-1
Trevor McKay Cumin	=0.1.5054-1
Trevor McKay Cumin	=0.1.5068-1
Trevor McKay Cumin	=0.1.5092-1
Trevor McKay Cumin	=0.1.5098-2
Trevor McKay Cumin	=0.1.5105-1
Trevor McKay Cumin	=0.1.5137-1
Trevor McKay Cumin	=0.1.5137-2
Trevor McKay Cumin	=0.1.5137-3
Trevor McKay Cumin	=0.1.5137-4
Trevor McKay Cumin	=0.1.5137-5
Trevor McKay Cumin	=0.1.5192-1
Red Hat Enterprise MRG	=2.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-2735?
CVE-2012-2735 is categorized as a medium severity vulnerability that allows session hijacking.
How do I fix CVE-2012-2735?
To mitigate CVE-2012-2735, upgrade to Cumin version 0.1.5444 or later.
What types of attacks are possible with CVE-2012-2735?
CVE-2012-2735 can lead to remote attackers hijacking user sessions through crafted session cookies.
Which applications are affected by CVE-2012-2735?
CVE-2012-2735 affects versions of Cumin prior to 0.1.5444, including certain Red Hat Enterprise Messaging and Grid applications.
Is there any workaround for CVE-2012-2735 until I can upgrade?
There are no known workarounds for CVE-2012-2735; upgrading to a fixed version is the recommended solution.

agent/references
agent/last-modified-date
agent/first-publish-date
agent/type
agent/severity
agent/author
agent/description
agent/softwarecombine
agent/tags
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/trevor mckay
canonical/trevor mckay cumin
version/trevor mckay cumin/0.1.5192-4
version/trevor mckay cumin/0.1.3160-1
version/trevor mckay cumin/0.1.4369-1
version/trevor mckay cumin/0.1.4410-2
version/trevor mckay cumin/0.1.4494-1
version/trevor mckay cumin/0.1.4794-1
version/trevor mckay cumin/0.1.4916-1
version/trevor mckay cumin/0.1.5033-1
version/trevor mckay cumin/0.1.5037-1
version/trevor mckay cumin/0.1.5054-1
version/trevor mckay cumin/0.1.5068-1
version/trevor mckay cumin/0.1.5092-1
version/trevor mckay cumin/0.1.5098-2
version/trevor mckay cumin/0.1.5105-1
version/trevor mckay cumin/0.1.5137-1
version/trevor mckay cumin/0.1.5137-2
version/trevor mckay cumin/0.1.5137-3
version/trevor mckay cumin/0.1.5137-4
version/trevor mckay cumin/0.1.5137-5
version/trevor mckay cumin/0.1.5192-1
vendor/redhat
canonical/redhat enterprise mrg
version/redhat enterprise mrg/2.0