Zurück zur CVE-Übersicht
CVE-2009-2165
HIGH(7.5)AV:N/AC:L/Au:N/C:P/I:P/A:P
Risk Signal Score19/100 — NIEDRIG
- CVSS 7.5 — Hoch
EPSS-Score
1%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
7.5
Technische Schwere
Beschreibung
SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
Referenzen
- http://jvn.jp/en/jp/JVN20689557/index.html
- http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000035.html
- http://secunia.com/advisories/35335
- http://serenebach.net/log/sb221R.html
- http://www.securityfocus.com/bid/35254
- http://jvn.jp/en/jp/JVN20689557/index.html
- http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000035.html
- http://secunia.com/advisories/35335
- http://serenebach.net/log/sb221R.html
- http://www.securityfocus.com/bid/35254