What is CVE-2012-2144?

CVE-2012-2144 is a vulnerability in Openstack Horizon. Published 2012-06-05.

Is CVE-2012-2144 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Openstack Horizon

CVE-2012-2144

Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.

EPSS: 0.029 (86.7th percentile) — read the EPSS interpretation.

Affected products

Openstack Horizon — versions 2012.1, folsom-1
N/a — versions n/a

Public proof-of-concept exploits

thomasbiege/Publications

References

49024 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
[oss-security] 20120505 [OSSA 2012-006] Horizon session fixation and reuse (mailing-list, x_refsource_MLIST)
openstack-dashboard-session-hijacking(75423) (vdb-entry, x_refsource_XF)
FEDORA-2012-7369 (x_refsource_FEDORA, vendor-advisory)
secalert@redhat.com (x_refsource_MISC)
USN-1439-1 (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
49071 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
53399 (vdb-entry, x_refsource_BID)
81741 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2012-2144?: CVE-2012-2144 is a vulnerability in Openstack Horizon. Published 2012-06-05.
Is CVE-2012-2144 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.