Description
SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984.
References (4)
Core 4
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/806908
Vendor Advisory x_refsource_confirm
http://support.novell.com/security/cve/CVE-2012-0435.html
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=792712
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00008.html
Scores
EPSS
0.0069
EPSS Percentile
72.0%
Details
Status
published
Products (1)
suse/webyast
1.2
Published
Jan 26, 2013
Tracked Since
Feb 18, 2026