CVE-2012-0059
MEDIUMRed Hat Network Proxy - Information Disclosure via System Registration XML-RPC Error Messages
Title source: llmDescription
A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.
References (3)
Core 3
Core References
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-0101.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-0102.html
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2012-0059
Scores
CVSS v3
4.9
EPSS
0.0036
EPSS Percentile
58.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-209
CWE-310
Status
published
Products (4)
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
redhat/network_proxy
5.4
redhat/satellite
5.4
Published
Feb 05, 2014
Tracked Since
Feb 18, 2026