Vulnerability Details : CVE-2012-3458
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
Products affected by CVE-2012-3458
- cpe:2.3:a:python:beaker:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-3458
- 0.60%: Probability of exploitation activity in the next 30 days
- ~67%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-3458
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2012-3458
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3458
- https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5
  Apply patch from Redhat to secure pycrypto that otherwise could allow… · bbangert/beaker@91becae · GitHub
- http://www.debian.org/security/2012/dsa-2541
  Debian -- Security Information -- DSA-2541-1 beaker
- https://bugzilla.redhat.com/show_bug.cgi?id=809267
  809267 – (CVE-2012-3458) CVE-2012-3458 python-beaker: weak use of crypto can leak information to remote attackers
- http://www.openwall.com/lists/oss-security/2012/08/13/10
  oss-security - ANN: Beaker 1.6.4 released with important security update
- http://secunia.com/advisories/50520
  Vendor Advisory
- http://secunia.com/advisories/50226
  Vendor Advisory