1. Home
  2. CVE Database
  3. CVE-2012-6137
MEDIUM · 4.3

CVE-2012-6137

rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which all...

Vulnerability Description

rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
RedhatEnterprise Linux5
RedhatEnterprise Linux Desktop5.0
RedhatEnterprise Linux Eus5.9.z
RedhatEnterprise Linux Hpc Node6
RedhatEnterprise Linux Long Life5.9
RedhatEnterprise Linux Server6.0
RedhatEnterprise Linux Server Aus6.4
RedhatEnterprise Linux Server Eus6.4.z
RedhatEnterprise Linux Workstation6.0

Related Weaknesses (CWE)

CWE-255

References

FAQ

What is CVE-2012-6137?

CVE-2012-6137 is a vulnerability with a CVSS score of 4.3 (MEDIUM). rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which all...

How severe is CVE-2012-6137?

CVE-2012-6137 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-6137?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Long Life.