Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cumin | Trevor_mckay | * | 0.1.5192-4 (including) |
| Cumin | Trevor_mckay | 0.1.3160-1 (including) | 0.1.3160-1 (including) |
| Cumin | Trevor_mckay | 0.1.4369-1 (including) | 0.1.4369-1 (including) |
| Cumin | Trevor_mckay | 0.1.4410-2 (including) | 0.1.4410-2 (including) |
| Cumin | Trevor_mckay | 0.1.4494-1 (including) | 0.1.4494-1 (including) |
| Cumin | Trevor_mckay | 0.1.4794-1 (including) | 0.1.4794-1 (including) |
| Cumin | Trevor_mckay | 0.1.4916-1 (including) | 0.1.4916-1 (including) |
| Cumin | Trevor_mckay | 0.1.5033-1 (including) | 0.1.5033-1 (including) |
| Cumin | Trevor_mckay | 0.1.5037-1 (including) | 0.1.5037-1 (including) |
| Cumin | Trevor_mckay | 0.1.5054-1 (including) | 0.1.5054-1 (including) |
| Cumin | Trevor_mckay | 0.1.5068-1 (including) | 0.1.5068-1 (including) |
| Cumin | Trevor_mckay | 0.1.5092-1 (including) | 0.1.5092-1 (including) |
| Cumin | Trevor_mckay | 0.1.5098-2 (including) | 0.1.5098-2 (including) |
| Cumin | Trevor_mckay | 0.1.5105-1 (including) | 0.1.5105-1 (including) |
| Cumin | Trevor_mckay | 0.1.5137-1 (including) | 0.1.5137-1 (including) |
| Cumin | Trevor_mckay | 0.1.5137-2 (including) | 0.1.5137-2 (including) |
| Cumin | Trevor_mckay | 0.1.5137-3 (including) | 0.1.5137-3 (including) |
| Cumin | Trevor_mckay | 0.1.5137-4 (including) | 0.1.5137-4 (including) |
| Cumin | Trevor_mckay | 0.1.5137-5 (including) | 0.1.5137-5 (including) |
| Cumin | Trevor_mckay | 0.1.5192-1 (including) | 0.1.5192-1 (including) |
| Enterprise_mrg | Redhat | 2.0 (including) | 2.0 (including) |
| MRG for RHEL-5 v. 2 | RedHat | condor-0:7.6.5-0.22.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | condor-wallaby-0:4.1.3-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | condor-wallaby-base-db-0:1.23-1.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | cumin-0:0.1.5444-3.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | sesame-0:1.0-4.el5 | * |
| MRG for RHEL-5 v. 2 | RedHat | wallaby-0:0.12.5-10.el5 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-0:7.6.5-0.22.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-wallaby-0:4.1.3-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | condor-wallaby-base-db-0:1.23-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | cumin-0:0.1.5444-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | deltacloud-core-0:0.5.0-10.el6_2 | * |
| Red Hat Enterprise MRG 2 | RedHat | libdeltacloud-0:0.9-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-daemons-0:1.1.4-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-eventmachine-0:0.12.10-7.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-fssm-0:0.2.7-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-haml-0:3.1.2-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-hpricot-0:0.8.4-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-json-0:1.4.6-10.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-maruku-0:0.6.0-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-mime-types-0:1.16-4.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-mocha-0:0.9.7-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-net-ssh-0:2.0.23-6.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-nokogiri-0:1.5.0-0.8.beta4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rack-1:1.3.0-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rack-accept-0:0.4.3-6.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rack-test-0:0.6.1-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rake-0:0.8.7-2.1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-rest-client-0:1.6.1-2.el6_0 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygems-0:1.8.16-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-sass-0:3.1.4-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-sinatra-1:1.2.6-2.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-syntax-0:1.0.0-4.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-thin-0:1.2.11-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-tilt-0:1.3.2-3.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | rubygem-yard-0:0.7.2-1.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | sesame-0:1.0-6.el6 | * |
| Red Hat Enterprise MRG 2 | RedHat | wallaby-0:0.12.5-10.el6 | * |
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151
- http://rhn.redhat.com/errata/RHSA-2012-1278.html
- http://rhn.redhat.com/errata/RHSA-2012-1281.html
- http://secunia.com/advisories/50660
- http://www.securityfocus.com/bid/55618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78776
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=832151
- http://rhn.redhat.com/errata/RHSA-2012-1278.html
- http://rhn.redhat.com/errata/RHSA-2012-1281.html
- http://secunia.com/advisories/50660
- http://www.securityfocus.com/bid/55618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78776