PT-2009-4617 · Serendipity · Serendipity

Published

2009-06-22

Updated

2009-06-26

CVE-2009-2165

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SerendipityNZ (aka SimpleBoxes) Serene Bach versions 2.20R and earlier SerendipityNZ (aka SimpleBoxes) Serene Bach versions 3.00 beta023 and earlier

Description The issue allows remote attackers to hijack sessions due to the use of a predictable session id.

Recommendations For versions 2.20R and earlier, update to a version later than 2.20R to resolve the issue. For versions 3.00 beta023 and earlier, update to a version later than 3.00 beta023 to resolve the issue. As a temporary workaround, consider regenerating session ids regularly until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2009-2165

Affected Products

Serendipity

PT-2009-4617 · Serendipity · Serendipity

CVE-2009-2165

Related Identifiers

Affected Products

References · 6