CVE-2013-7347

EPSS 0.14%
Published 31.03.2014 14:58:45
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie.  NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie.

Affected products Warnungen 0 Metrics 2 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Conga

Redhat ≫ Enterprise Linux Version5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.31

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.7	1.9	6.4	AV:L/AC:H/Au:N/C:P/I:P/A:P

http://rhn.redhat.com/errata/RHSA-2013-0128.html

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=607179

https://nvd.nist.gov/vuln/detail/CVE-2013-7347

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-7347

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-7347

EUVD