CVE-2012-2681
cumin: weak session keys
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key.
Cumin antes de v0.1.5444, tal y como se utiliza en Red Hat Enterprise Messaging, Realtime y Grid (MRG) v2.0, usa numeros aleatorios predecibles para generar claves de sesión, lo que hace más fácil para los atacantes remotos a la hora de adivinar la clave de sesión.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-05-14 CVE Reserved
- 2012-09-20 CVE Published
- 2023-06-16 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/50660 | Third Party Advisory | |
http://www.securityfocus.com/bid/55618 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/78771 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2012-1278.html | 2021-07-15 | |
http://rhn.redhat.com/errata/RHSA-2012-1281.html | 2021-07-15 | |
https://access.redhat.com/security/cve/CVE-2012-2681 | 2012-09-19 | |
https://bugzilla.redhat.com/show_bug.cgi?id=827558 | 2012-09-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Trevor Mckay Search vendor "Trevor Mckay" | Cumin Search vendor "Trevor Mckay" for product "Cumin" | <= 0.1.5192-4 Search vendor "Trevor Mckay" for product "Cumin" and version " <= 0.1.5192-4" | - |
Affected
| ||||||
Trevor Mckay Search vendor "Trevor Mckay" | Cumin Search vendor "Trevor Mckay" for product "Cumin" | 0.1.3160-1 Search vendor "Trevor Mckay" for product "Cumin" and version "0.1.3160-1" | - |
Affected
| ||||||
Trevor Mckay Search vendor "Trevor Mckay" | Cumin Search vendor "Trevor Mckay" for product "Cumin" | 0.1.4369-1 Search vendor "Trevor Mckay" for product "Cumin" and version "0.1.4369-1" | - |
Affected
| ||||||
Trevor Mckay Search vendor "Trevor Mckay" | Cumin Search vendor "Trevor Mckay" for product "Cumin" | 0.1.4410-2 Search vendor "Trevor Mckay" for product "Cumin" and version "0.1.4410-2" | - |
Affected
| ||||||
Trevor Mckay Search vendor "Trevor Mckay" | Cumin Search vendor "Trevor Mckay" for product "Cumin" | 0.1.4494-1 Search vendor "Trevor Mckay" for product "Cumin" and version "0.1.4494-1" | - |
Affected
| ||||||
Trevor Mckay Search vendor "Trevor Mckay" | Cumin Search vendor "Trevor Mckay" for product "Cumin" | 0.1.4794-1 Search vendor "Trevor Mckay" for product "Cumin" and version "0.1.4794-1" | - |
Affected
| ||||||
Trevor Mckay Search vendor "Trevor Mckay" | Cumin Search vendor "Trevor Mckay" for product "Cumin" | 0.1.4916-1 Search vendor "Trevor Mckay" for product "Cumin" and version "0.1.4916-1" | - |
Affected
| ||||||
Trevor Mckay Search vendor "Trevor Mckay" | Cumin Search vendor "Trevor Mckay" for product "Cumin" | 0.1.5098-2 Search vendor "Trevor Mckay" for product "Cumin" and version "0.1.5098-2" | - |
Affected
| ||||||
Trevor Mckay Search vendor "Trevor Mckay" | Cumin Search vendor "Trevor Mckay" for product "Cumin" | 0.1.5192-1 Search vendor "Trevor Mckay" for product "Cumin" and version "0.1.5192-1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Mrg Search vendor "Redhat" for product "Enterprise Mrg" | 2.0 Search vendor "Redhat" for product "Enterprise Mrg" and version "2.0" | - |
Affected
|