PT-2009-4617 · Serendipity · Serendipity

Publicado

2009-06-22

Atualizado

2009-06-26

CVE-2009-2165

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SerendipityNZ (aka SimpleBoxes) Serene Bach versions 2.20R and earlier SerendipityNZ (aka SimpleBoxes) Serene Bach versions 3.00 beta023 and earlier

Description The issue allows remote attackers to hijack sessions due to the use of a predictable session id.

Recommendations For versions 2.20R and earlier, update to a version later than 2.20R to resolve the issue. For versions 3.00 beta023 and earlier, update to a version later than 3.00 beta023 to resolve the issue. As a temporary workaround, consider regenerating session ids regularly until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2009-2165

Produtos afetados

Serendipity

PT-2009-4617 · Serendipity · Serendipity

CVE-2009-2165

Identificadores relacionados

Produtos afetados

Referências · 6