CVE-2012-3359

low

Published 2014-03-31 · Modified 2026-05-06

CVSS v3

—

CVSS v2

3.7

VIR risk

3.7

Description

Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2013-0128.html

OS impact

OS	Version	Status	Fixed in
rhel	5	affected

Application impact

Vendor	Product	Versions	Fixed
redhat	conga

References

http://rhn.redhat.com/errata/RHSA-2013-0128.html
https://bugzilla.redhat.com/show_bug.cgi?id=607179
http://rhn.redhat.com/errata/RHSA-2013-0128.html
https://bugzilla.redhat.com/show_bug.cgi?id=607179

CWEs

CWE-255

Verify integrity in audit chain (admin only). AS-IS.