CVE-2012-6137

Published May 21, 2013

Last updated 3 months ago

CVSS info 4.3

Overview

Description: rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-255

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5833A489-D6DE-4D51-9E74-189CBC2E28CA"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13B6DE5F-3143-4C63-8D8D-4679CF0F9DC8"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9.z:*:server:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5057E4A-F85E-4EEA-BD38-12B3BC979523"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CDFD93B-693D-46DC-9C39-FDECB3E619E8"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_long_life:5.9:*:server:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E663F8F7-FAB1-4BBE-BF85-CEF90B786462"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4.z:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF3F4527-8ADB-4A45-9E2C-C6E45D637D14"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References