PT-2010-2492 · Wikyblog · Wikyblog

Indoushka · Published 2010-02-27 · Updated 2017-08-17 · CVE-2010-0756

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: WikyBlog version 1.7.3 rc2

Description: The issue allows remote attackers to hijack web sessions. This is achieved by setting the jsessionid parameter in requests to specific endpoints, such as "index.php/Comment/Main", "index.php/Comment/Main/Home Wiky", or "index.php/Edit/Main".

Recommendations: For WikyBlog version 1.7.3 rc2, as a temporary workaround until a patch is available, restrict access to the jsessionid parameter on the endpoints listed above. Avoid using the jsessionid parameter on the affected endpoints until the issue is resolved.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2010-0756

Affected Products

Wikyblog