Описание
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
Ссылки
- Broken Link
- Broken Link
- Third Party AdvisoryVDB Entry
- Broken Link
- Broken Link
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия от 1.3.11 (включая) до 1.3.20 (включая)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00146
Низкий
2.1 Low
CVSS2
Дефекты
CWE-384
Связанные уязвимости
debian
больше 23 лет назад
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's u ...
github
около 3 лет назад
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
EPSS
Процентиль: 36%
0.00146
Низкий
2.1 Low
CVSS2
Дефекты
CWE-384