CVE-2001-1534

Sažetak

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.

Reference

http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
http://www.securityfocus.com/bid/3521
http://www.iss.net/security_center/static/7494.php

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

15-07-2021 - 20:37

Objavljeno

31-12-2001 - 05:00