CVE-2012-0059

Published: Feb 5, 2014Modified: Apr 29, 2026

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.2 / Impact: 3.6

Source: secalert@redhat.com

Description

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.

Affected (2)

Products: Redhat: Network Proxy, Satellite

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Network Proxy	Version 5.4
Redhat Satellite	Version 5.4

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (5)

http://rhn.redhat.com/errata/RHSA-2012-0101.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2012-0102.html

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2012-0059

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-0101.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2012-0102.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.