CVE-2014-10400

MEDIUM

6.1

Beschreibung

The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.

CVE Details

CVSS v3.1 Bewertung6.1

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht2/6/2020

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

keplerproject:cgilua

Schwachen (CWE)

CWE-384

Referenzen

http://seclists.org/fulldisclosure/2014/Apr/318(cve@mitre.org)

http://www.securityfocus.com/archive/1/531981/100/0/threaded(cve@mitre.org)

http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid(cve@mitre.org)

http://seclists.org/fulldisclosure/2014/Apr/318(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/archive/1/531981/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)

http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.