Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for network_proxy by redhat
CVE-2010-2236 (GCVE-0-2010-2236)
Vulnerability from nvd – Published: 2014-04-15 18:00 – Updated: 2024-08-07 02:25
VLAI?
Summary
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2014-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:07.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56952"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=819987\u0026action=diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607712"
},
{
"name": "SUSE-SU-2014:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-15T17:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "56952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56952"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=819987\u0026action=diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607712"
},
{
"name": "SUSE-SU-2014:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2236",
"datePublished": "2014-04-15T18:00:00.000Z",
"dateReserved": "2010-06-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:25:07.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0059 (GCVE-0-2012-0059)
Vulnerability from nvd – Published: 2014-02-05 18:00 – Updated: 2026-04-02 23:42
VLAI?
Title
Spacewalk-backend: spacewalk-backend: information disclosure via cleartext passwords in error messages
Summary
A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.
Severity ?
4.9 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
Date Public ?
2014-02-05 18:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:17.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:0101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0101.html"
},
{
"name": "RHSA-2012:0102",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0102.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "rhn-client-tools",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "rhnsd",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "yum-rhn-plugin",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "rhnsd",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "yum-rhn-plugin",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2014-02-05T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T23:42:30.680Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://rhn.redhat.com/errata/RHSA-2012-0101.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2012-0102.html"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2012-0059"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-02T15:01:48.408Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2014-02-05T18:00:00.000Z",
"value": "Made public."
}
],
"title": "Spacewalk-backend: spacewalk-backend: information disclosure via cleartext passwords in error messages",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-209: Generation of Error Message Containing Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0059",
"datePublished": "2014-02-05T18:00:00.000Z",
"dateReserved": "2011-12-07T00:00:00.000Z",
"dateUpdated": "2026-04-02T23:42:30.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
FKIE_CVE-2010-2236
Vulnerability from fkie_nvd - Published: 2014-04-15 23:55 - Updated: 2026-05-06 22:30
Severity ?
Summary
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:network_proxy:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FD54BC7C-AD07-41B7-B2E1-A12361F16BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7342B50-2EB5-4B1D-8B7B-B3EF0CB57344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78224C92-8BA1-4717-9DE4-4CC74B5E80FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1C5E62-E685-44F0-9AB3-B8C6BDA7E315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E90E312-ED12-4EBB-AA88-603C91AF2BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3CDDEC74-7E97-4498-A136-B270BD1AC72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1FDDB68-9828-4DAF-8417-4E3B68ABA2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:spacewalk-java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0E732F-CA6D-4AE5-AC20-46DB629B1C95",
"versionEndIncluding": "2.1.147-1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks."
},
{
"lang": "es",
"value": "La consola de sensores de monitorizaci\u00f3n en spacewalk-java anterior a 2.1.148-1 y Red Hat Network (RHN) Satellite 4.0.0 hasta 4.2.0 y 5.1.0 hasta 5.3.0 y Proxy 5.3.0, permite a usuarios remotos autenticados con permisos para administrar sensores de monitorizaci\u00f3n ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, relacionado con backticks."
}
],
"id": "CVE-2010-2236",
"lastModified": "2026-05-06T22:30:45.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-15T23:55:07.203",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56952"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=819987\u0026action=diff"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607712"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9"
},
{
"source": "secalert@redhat.com",
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/56952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=819987\u0026action=diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-0059
Vulnerability from fkie_nvd - Published: 2014-02-05 18:55 - Updated: 2026-04-29 01:13
Severity ?
Summary
A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | network_proxy | 5.4 | |
| redhat | satellite | 5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:network_proxy:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DD07C5-6D72-4926-B752-A7D1C1953772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:satellite:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCE54F9-0195-4E9D-A15F-3947EA0EBED7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords."
},
{
"lang": "es",
"value": "El backend de Spacewalk en Red Hat Network (RHN) Satellite y Proxy 5.4 incluye contrase\u00f1as de usuario en texto claro en un mensaje de error cuando la llamada XML-RPC del registro del sistema falla, permite a administradores remotos obtener la contrase\u00f1a mediante la lectura de (1) las trazas del servidor y (2) un correo."
}
],
"id": "CVE-2012-0059",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Primary"
}
]
},
"published": "2014-02-05T18:55:06.223",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0101.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0102.html"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2012-0059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0101.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0102.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CVE-2010-2236 (GCVE-0-2010-2236)
Vulnerability from cvelistv5 – Published: 2014-04-15 18:00 – Updated: 2024-08-07 02:25
VLAI?
Summary
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Date Public ?
2014-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:25:07.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56952"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=819987\u0026action=diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607712"
},
{
"name": "SUSE-SU-2014:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-15T17:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "56952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56952"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/attachment.cgi?id=819987\u0026action=diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=c41c87a9dc9dac771eb761dd63ada05b2f9104f9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=607712"
},
{
"name": "SUSE-SU-2014:0222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2236",
"datePublished": "2014-04-15T18:00:00.000Z",
"dateReserved": "2010-06-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:25:07.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0059 (GCVE-0-2012-0059)
Vulnerability from cvelistv5 – Published: 2014-02-05 18:00 – Updated: 2026-04-02 23:42
VLAI?
Title
Spacewalk-backend: spacewalk-backend: information disclosure via cleartext passwords in error messages
Summary
A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.
Severity ?
4.9 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
Date Public ?
2014-02-05 18:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:17.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:0101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0101.html"
},
{
"name": "RHSA-2012:0102",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0102.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "rhn-client-tools",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "rhnsd",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "yum-rhn-plugin",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "rhnsd",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "yum-rhn-plugin",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2014-02-05T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T23:42:30.680Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "http://rhn.redhat.com/errata/RHSA-2012-0101.html"
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2012-0102.html"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2012-0059"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-02T15:01:48.408Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2014-02-05T18:00:00.000Z",
"value": "Made public."
}
],
"title": "Spacewalk-backend: spacewalk-backend: information disclosure via cleartext passwords in error messages",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-209: Generation of Error Message Containing Sensitive Information"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0059",
"datePublished": "2014-02-05T18:00:00.000Z",
"dateReserved": "2011-12-07T00:00:00.000Z",
"dateUpdated": "2026-04-02T23:42:30.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}