CVE-2007-2719

Sažetak

Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.

Reference

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01049713
http://osvdb.org/36061
http://secunia.com/advisories/25275
http://www.acrossecurity.com/aspr/ASPR-2007-05-14-1-PUB.txt
http://www.securityfocus.com/archive/1/468974/100/0/threaded
http://www.securityfocus.com/bid/23988
http://www.securitytracker.com/id?1018062
http://www.vupen.com/english/advisories/2007/1823
https://exchange.xforce.ibmcloud.com/vulnerabilities/34303

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

16-10-2018 - 16:45

Objavljeno

16-05-2007 - 19:28