4.3
CVE-2012-3458
- EPSS 2.45%
- Veröffentlicht 15.09.2012 17:55:07
- Zuletzt bearbeitet 16.06.2026 23:43:15
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.45% | 0.822 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
http://secunia.com/advisories/50226
http://secunia.com/advisories/50520
http://www.debian.org/security/2012/dsa-2541
http://www.openwall.com/lists/oss-security/2012/08/13/10
https://bugzilla.redhat.com/show_bug.cgi?id=809267
https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5