Related vulnerabilities
GSD-2012-5604
Vulnerability from gsd - Updated: 2012-12-04 00:00
Details
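The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.
Note on the record below: its summary field attributes the bypass to the handling of anonymous LDAP binds, and the rubysec and GitLab entries list 0.1.3 as the first fixed version of the gem. The sources disagree on the CVSS v2 base score: the GSD and rubysec entries give 5.0, while the NVD entry gives 4.3 for the vector AV:N/AC:M/Au:N/C:N/I:P/A:N. The NVD configuration names only CloudForms 1.1, so a dependency check should match on the gem version (before 0.1.3) rather than on the CPE alone.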
Aliases: CVE-2012-5604, OSVDB-90579
{
"GSD": {
"alias": "CVE-2012-5604",
"description": "The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.",
"id": "GSD-2012-5604"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "ldap_fluff",
"purl": "pkg:gem/ldap_fluff"
}
}
],
"aliases": [
"CVE-2012-5604",
"OSVDB-90579"
],
"details": "The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.",
"id": "GSD-2012-5604",
"modified": "2012-12-04T00:00:00.000Z",
"published": "2012-12-04T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5604"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 5.0,
"type": "CVSS_V2"
}
],
"summary": "CVE-2012-5604 rubygem-ldap_fluff: CloudForms authentication bypass when handling anonymous LDAP bind"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5604",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0544.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=882136",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882136"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2012-5604",
"cvss_v2": 5.0,
"date": "2012-12-04",
"description": "The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.",
"gem": "ldap_fluff",
"osvdb": 90579,
"patched_versions": [
"\u003e= 0.1.3"
],
"title": "CVE-2012-5604 rubygem-ldap_fluff: CloudForms authentication bypass when handling anonymous LDAP bind",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5604"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.1.3",
"affected_versions": "All versions before 0.1.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2018-05-12",
"description": "The ldap_fluff gem for Ruby, as used in Red Hat CloudForms, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.",
"fixed_versions": [
"0.1.3"
],
"identifier": "CVE-2012-5604",
"identifiers": [
"CVE-2012-5604"
],
"not_impacted": "All versions starting from 0.1.3",
"package_slug": "gem/ldap_fluff",
"pubdate": "2013-03-01",
"solution": "Upgrade to version 0.1.3 or above",
"title": "Permissions, Privileges, and Access Controls",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2012-5604",
"http://rhn.redhat.com/errata/RHSA-2013-0544.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=882136"
],
"uuid": "d369909f-6873-4f6a-9c74-122d2364d71a"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:cloudforms:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5604"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0544",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=882136",
"refsource": "MISC",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=882136"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-05-12T01:29Z",
"publishedDate": "2013-03-01T05:40Z"
}
}
}