Unrated severityNVD Advisory· Published May 21, 2013· Updated Apr 29, 2026

CVE-2012-6137

Description

rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.

Affected products

Red Hat/Enterprise Linux
cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
Red Hat/Enterprise Linux Desktop2 versions
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:client:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Eus
cpe:2.3:o:redhat:enterprise_linux_eus:5.9.z:*:server:*:*:*:*:*
Red Hat/Enterprise Linux Hpc Node
cpe:2.3:o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Long Life
cpe:2.3:o:redhat:enterprise_linux_long_life:5.9:*:server:*:*:*:*:*
Red Hat/Enterprise Linux Server
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Aus
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Server Eus
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.4.z:*:*:*:*:*:*:*
Red Hat/Enterprise Linux Workstation
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2013-0788.htmlnvdVendor Advisory
secunia.com/advisories/53330nvdVendor Advisory
osvdb.org/93058nvd
www.securityfocus.com/bid/59674nvd
www.securitytracker.com/id/1028520nvd
bugzilla.redhat.com/show_bug.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/84020nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000