CVE-2012-3458
beaker - information disclosure
5.3
MEDIUM
CVSS 3.1
EPSS 0.60%
Description
Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
How to fix CVE-2012-3458
To remediate CVE-2012-3458, upgrade the affected package to a fixed version below.
- Debian/beaker—upgrade to 1.6.3-1.1 or later
- —upgrade to 1.5.4-4+squeeze1 or later
- —upgrade to 1.6.4 or later
- —upgrade to 91becae76101cf87ce8cbfabe3af2622fc328fe5 or later
Is CVE-2012-3458 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 1.6.3-1.1
- from 0, < 1.5.4-4+squeeze1
- from 0, < 1.6.4
- from 0, < 91becae76101cf87ce8cbfabe3af2622fc328fe5 | from 0, < 1.6.5.post1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |