CVE-2014-10399

Опубликовано: 06 фев. 2020

Источник: debian

Описание

The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
lua-cgi	not-affected			package

Примечания

https://seclists.org/fulldisclosure/2014/Apr/318

Связанные уязвимости

CVE-2014-10399

CVSS3: 6.1

nvd

около 6 лет назад

The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.

GHSA-c7cg-9753-48v4

github

больше 3 лет назад

The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.