Описание
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2009-1629
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50464
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052655.html
- http://secunia.com/advisories/42784
- http://www.ocert.org/advisories/ocert-2009-004.html
- http://www.openwall.com/lists/oss-security/2009/05/11/1
- http://www.securityfocus.com/archive/1/503421/100/0/threaded
- http://www.securityfocus.com/bid/34903
Связанные уязвимости
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with pr ...
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации