PT-2017-7803 · Alt Linux Team+1 · Alt Linux

Published

2017-03-03

Updated

2017-06-13

CVE-2016-10205

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Zoneminder versions 1.30 and earlier ALT Linux (affected versions not specified)

Description The issue allows remote attackers to hijack web sessions. This is achieved via the ZMSESSID cookie.

Recommendations For Zoneminder versions 1.30 and earlier, update to a version later than 1.30 to resolve the issue. For ALT Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

ALT-PU-2017-1721

CVE-2016-10205

MGASA-2017-0162

Affected Products

Alt Linux

PT-2017-7803 · Alt Linux Team+1 · Alt Linux

CVE-2016-10205

Weakness Enumeration

Related Identifiers

Affected Products

References · 36