CVE-2012-3458
Severity: medium
CVSS v3: —
CVSS v2: 4.3
VIR risk: 4.3
Description
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors. ECB encrypts each 16-byte block independently, so identical plaintext blocks produce identical ciphertext blocks and the encrypted session reveals repetition and structure in its contents.
Predictions
Exploit likelihood: 30%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-3458
Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/50520
Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/50226
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 1.6.3-1.1 |
| debian | bullseye | fixed | 1.6.3-1.1 |
| debian | forky | fixed | 1.6.3-1.1 |
| debian | sid | fixed | 1.6.3-1.1 |
| debian | trixie | fixed | 1.6.3-1.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| python | beaker | up to and including 1.6.4 | |
References
- https://nvd.nist.gov/vuln/detail/CVE-2012-3458
- https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5
- https://bugzilla.redhat.com/show_bug.cgi?id=809267
- https://github.com/bbangert/beaker
- https://github.com/pypa/advisory-database/tree/main/vulns/beaker/PYSEC-2012-1.yaml
- https://web.archive.org/web/20140724164516/http://secunia.com/advisories/50226
- https://web.archive.org/web/20140725025612/http://secunia.com/advisories/50520
- http://www.debian.org/security/2012/dsa-2541
- http://www.openwall.com/lists/oss-security/2012/08/13/10
- http://secunia.com/advisories/50226
- http://secunia.com/advisories/50520
- https://security-tracker.debian.org/tracker/CVE-2012-3458
CWEs
CWE-310 (Cryptographic Issues)