CVE-2012-3359
First published: Wed Jun 23 2010(Updated: )
It was reported that Luci's (Luci is a web based front-end component of the Conga cluster management system) user session timeout feature depended only on JavaScript script running in the user's browser. If user closed browser tab without logging out of Luci session and without closing browser, they could re-open Luci web interface and continue using the session even after the timeout period has elapsed. References: <a href="http://sourceware.org/cluster/conga/">http://sourceware.org/cluster/conga/</a> Acknowledgement: Red Hat would like to thank George Hedfors of Cybercom Sweden East AB for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Conga | ||
| Redhat Enterprise Linux | =5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2013-0128.html
- https://bugzilla.redhat.com/show_bug.cgi?id=607179
- http://sourceware.org/cluster/conga/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=607179#c0
- https://rhn.redhat.com/errata/RHSA-2013-0128.html
- https://access.redhat.com/security/cve/CVE-2012-3359
- https://access.redhat.com/security/cve/CVE-2013-7347
- collector/redhat-bugzilla
- alias/CVE-2012-3359
- collector/nvd-index
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/last-modified-date
- vendor/redhat
- canonical/redhat conga
- canonical/redhat enterprise linux
- version/redhat enterprise linux/5