Lucene search
SuseSUSE-SU-2013:0053-1HistoryJan 23, 2013 - 5:04 a.m.
Security update for WebYaST (important)
2013-01-2305:04:22
lists.opensuse.org
5
0.003 Low
EPSS
Percentile
65.4%
The hosts list used by WebYaST for connecting to it’s back
end part was modifiable allowing to point to a malicious
website which then could access all values sent by WebYaST.
The /host configuration path was removed to fix this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| WebYaST | 1.2 | noarch | webyast-base-ui | < 0.2.63-0.6.1 | webyast-base-ui-0.2.63-0.6.1.noarch.rpm |
| SUSE Studio Standard Edition | 1.2 | noarch | webyast-base-ui | < 0.2.63-0.6.1 | webyast-base-ui-0.2.63-0.6.1.noarch.rpm |
| WebYaST | 1.2 | noarch | webyast-base-ui-branding-default | < 0.2.63-0.6.1 | webyast-base-ui-branding-default-0.2.63-0.6.1.noarch.rpm |
| WebYaST | 1.2 | noarch | webyast-base-ui-testsuite | < 0.2.63-0.6.1 | webyast-base-ui-testsuite-0.2.63-0.6.1.noarch.rpm |
Related
nvd
nvd
CVE-2012-0435
2013-01-26 21:55:00
cve
cve
CVE-2012-0435
2022-10-03 16:15:38
nessus
nessus
WebYaST Host Modification MiTM
2013-01-25 00:00:00
cert
cert
SUSE WebYaST remotely accessible hosts list vulnerability
2013-01-25 00:00:00
prion
prion
Design/Logic Flaw
2013-01-26 21:55:00
cvelist
cvelist
CVE-2012-0435
2022-10-03 16:15:38