Lucene search

[email protected]CVE-2012-0062

HistoryFeb 14, 2014 - 3:55 p.m.

CVE-2012-0062

2014-02-1415:55:04

CWE-287

[email protected]

web.nvd.nist.gov

cve-2012-0062

red hat jboss

operations network

jon

remote attackers

hijack

agent sessions

security token

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.6%

JSON

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.

Affected configurations

NVD

Node

redhatjboss_operations_networkRange≤2.4.1

redhatjboss_operations_networkMatch2.0.0

redhatjboss_operations_networkMatch2.0.1

redhatjboss_operations_networkMatch2.1.0

redhatjboss_operations_networkMatch2.2

redhatjboss_operations_networkMatch2.3

redhatjboss_operations_networkMatch2.3.1

redhatjboss_operations_networkMatch2.4

redhatjboss_operations_networkMatch3.0

CPENameOperatorVersion
redhat:jboss_operations_networkredhat jboss operations networkle2.4.1
redhat:jboss_operations_networkredhat jboss operations networkeq2.0.0
redhat:jboss_operations_networkredhat jboss operations networkeq2.0.1
redhat:jboss_operations_networkredhat jboss operations networkeq2.1.0
redhat:jboss_operations_networkredhat jboss operations networkeq2.2
redhat:jboss_operations_networkredhat jboss operations networkeq2.3
redhat:jboss_operations_networkredhat jboss operations networkeq2.3.1
redhat:jboss_operations_networkredhat jboss operations networkeq2.4
redhat:jboss_operations_networkredhat jboss operations networkeq3.0

CPE	Name	Operator	Version
redhat:jboss_operations_network	redhat jboss operations network	le	2.4.1
redhat:jboss_operations_network	redhat jboss operations network	eq	2.0.0
redhat:jboss_operations_network	redhat jboss operations network	eq	2.0.1
redhat:jboss_operations_network	redhat jboss operations network	eq	2.1.0
redhat:jboss_operations_network	redhat jboss operations network	eq	2.2
redhat:jboss_operations_network	redhat jboss operations network	eq	2.3
redhat:jboss_operations_network	redhat jboss operations network	eq	2.3.1
redhat:jboss_operations_network	redhat jboss operations network	eq	2.4
redhat:jboss_operations_network	redhat jboss operations network	eq	3.0

References

rhn.redhat.com/errata/RHSA-2012-0089.html

rhn.redhat.com/errata/RHSA-2012-0406.html

bugzilla.redhat.com/show_bug.cgi?id=783008

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.6%

JSON

Related for CVE-2012-0062

nvd1 cvelist1 prion1 seebug1