CVE-2012-6137
Published May 21, 2013
Last updated 7 years ago
Overview
- Description: rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.
- Source: secalert@redhat.com
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 4.3
- Impact score: 2.9
- Exploitability score: 8.6
- Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov: CWE-255
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5833A489-D6DE-4D51-9E74-189CBC2E28CA" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13B6DE5F-3143-4C63-8D8D-4679CF0F9DC8" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.9.z:*:server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5057E4A-F85E-4EEA-BD38-12B3BC979523" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CDFD93B-693D-46DC-9C39-FDECB3E619E8" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_long_life:5.9:*:server:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E663F8F7-FAB1-4BBE-BF85-CEF90B786462" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF83BB87-B203-48F9-9D06-48A5FE399050" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4.z:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF3F4527-8ADB-4A45-9E2C-C6E45D637D14" }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A" } ], "operator": "OR" } ] } ]