Описание
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:broadcom:2e_web_option:r8.1.2:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.06129
Низкий
5.1 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
EPSS
Процентиль: 91%
0.06129
Низкий
5.1 Medium
CVSS2
Дефекты
CWE-20