Release date:
Updated on:
Affected Systems:
OpenStack OpenStack Dashboard (Horizon) 2012.1
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 53399
CVE ID: CVE-2012-2144
OpenStack is an open-source project jointly developed by NASA and Rackspace to provide software for the construction and management of public and private clouds. OpenStack Dashboard Horizon is the baseline user interface for managing OpenStack services.
Horizon 2012.1 contains a session fixation vulnerability. An attacker can exploit it to hijack arbitrary sessions and gain unauthorized access to affected applications.
<* Source: Thomas Biege (thomas@suse.de)
Link: https://bugs.launchpad.net/horizon/+bug/978896
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OpenStack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://horizon.openstack.org/intro.html