Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.
Conclusion & alert: CVE-2012-2735 is rated Moderate Risk (46/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.57%). Core evidence: EPSS rose +1.18% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.39% | 1.57% | +1.18% |
| 2 | 2025-03-17 | 0.19% | 0.39% | +0.20% |
| 3 | 2023-03-07 | — | 0.19% | — |
Full EPSS history (6 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 4.9 | 2.0 | MEDIUM |
|
6.8 | 4.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2012-2735 |
: Per: http://rhn.redhat.com/errata/RHSA-2012-1278.html " An authenticated user able to pre-set the Cumin session cookie in a victim's browser could possibly use this flaw to steal the victim's session after they log into Cumin."
: Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| trevor_mckay | cumin | <= 0.1.5192-4 | cpe:2.3:a:trevor_mckay:cumin:*:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.3160-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.3160-1:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.4369-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.4369-1:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.4410-2 | cpe:2.3:a:trevor_mckay:cumin:0.1.4410-2:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.4494-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.4494-1:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.4794-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.4794-1:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.4916-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.4916-1:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5033-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.5033-1:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5037-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.5037-1:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5054-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.5054-1:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5068-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.5068-1:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5092-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.5092-1:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5098-2 | cpe:2.3:a:trevor_mckay:cumin:0.1.5098-2:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5105-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.5105-1:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5137-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.5137-1:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5137-2 | cpe:2.3:a:trevor_mckay:cumin:0.1.5137-2:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5137-3 | cpe:2.3:a:trevor_mckay:cumin:0.1.5137-3:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5137-4 | cpe:2.3:a:trevor_mckay:cumin:0.1.5137-4:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5137-5 | cpe:2.3:a:trevor_mckay:cumin:0.1.5137-5:*:*:*:*:*:*:* |
| trevor_mckay | cumin | 0.1.5192-1 | cpe:2.3:a:trevor_mckay:cumin:0.1.5192-1:*:*:*:*:*:*:* |
| redhat | enterprise_mrg | 2.0 | cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:* |