製品・ソフトウェアに関する情報

JVN脆弱性詳細

OpenStack Dashboard (Horizon) における Web セッションをハイジャックされる脆弱性

Title	OpenStack Dashboard (Horizon) における Web セッションをハイジャックされる脆弱性
Summary	OpenStack Dashboard (Horizon) には、Web セッションをハイジャックされる脆弱性が存在します。
Possible impacts	第三者により、セッション ID クッキーを介して、Web セッションをハイジャックされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 5, 2012, midnight
Registration Date	June 7, 2012, 4:20 p.m.
Last Update	June 7, 2012, 4:20 p.m.

Affected System

OpenStack

OpenStack Horizon 2012.1

OpenStack Horizon folsom-1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-2144	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2144
National Vulnerability Database (NVD)
2	CVE-2012-2144	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2144

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Fedora Update Notification
1	FEDORA-2012-7369	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html
GitHub
2	Fixes lp978896 -- Session fixation security fix	https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab
Launchpad
3	session fixation vulnerability (Bug #978896)	https://bugs.launchpad.net/horizon/+bug/978896
Ubuntu Security Notice
4	USN-1439-1	http://www.ubuntu.com/usn/usn-1439-1/

Change Log

No	Changed Details	Date of change
0	[2012年06月07日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-2144

Summary	Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
Publication Date	June 6, 2012, 7:55 a.m.
Registration Date	Jan. 28, 2021, 2:57 p.m.
Last Update	Nov. 21, 2024, 10:38 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openstack:horizon:2012.1:::::::*
cpe:2.3:a:openstack:horizon:folsom-1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html
2	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html
3	http://secunia.com/advisories/49024	Vendor Advisory
4	http://secunia.com/advisories/49024	Vendor Advisory
5	http://secunia.com/advisories/49071	Vendor Advisory
6	http://secunia.com/advisories/49071	Vendor Advisory
7	http://ubuntu.com/usn/usn-1439-1
8	http://ubuntu.com/usn/usn-1439-1
9	http://www.openwall.com/lists/oss-security/2012/05/05/1
10	http://www.openwall.com/lists/oss-security/2012/05/05/1
11	http://www.osvdb.org/81741
12	http://www.osvdb.org/81741
13	http://www.securityfocus.com/bid/53399
14	http://www.securityfocus.com/bid/53399
15	https://bugs.launchpad.net/horizon/+bug/978896
16	https://bugs.launchpad.net/horizon/+bug/978896
17	https://exchange.xforce.ibmcloud.com/vulnerabilities/75423
18	https://exchange.xforce.ibmcloud.com/vulnerabilities/75423
19	https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab	Exploit Patch
20	https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab	Exploit Patch

Common Vulnerabilities List