CVE-2012-5631

HIGH

ipa <3.0 - Info Disclosure

Title source: llm

Description

ipa 3.0 does not properly check server identity before sending credential containing cookies

References (4)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5631

[Third Party Advisory] https://access.redhat.com/security/cve/cve-2012-5631

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/56919

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/80784

Scores

CVSS v3 8.8

EPSS 0.0051

EPSS Percentile 66.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-565

Status published

Products (1)

freeipa/freeipa 3.0.0

Published Nov 25, 2019

Tracked Since Feb 18, 2026