CVE-2014-10400

Sažetak

The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.

Reference

http://seclists.org/fulldisclosure/2014/Apr/318
http://www.securityfocus.com/archive/1/531981/100/0/threaded
http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-02-2020 - 16:59

Objavljeno

06-02-2020 - 16:15