Vulnerability Details CVE-2012-6137
The rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.4%
CVSS Severity
CVSS v2 Score 4.3
Products affected by CVE-2012-6137
- cpe:2.3:o:redhat:enterprise_linux:5
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
- cpe:2.3:o:redhat:enterprise_linux_eus:5.9.z
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6
- cpe:2.3:o:redhat:enterprise_linux_long_life:5.9
- cpe:2.3:o:redhat:enterprise_linux_server:6.0
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4.z
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0