Описание
Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| edgy | ignored | end of life, was needs-triage |
| feisty | ignored | end of life, was needs-triage |
| gutsy | ignored | end of life, was needs-triage |
| hardy | ignored | end of life |
| intrepid | ignored | end of life, was needs-triage |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | DNE |
Показывать по
10
Ссылки на источники
EPSS
Процентиль: 55%
0.00327
Низкий
4.3 Medium
CVSS2
Связанные уязвимости
nvd
больше 17 лет назад
Plone CMS 3.x uses invariant data (a client username and a server secret) when calculating an HMAC-SHA1 value for an authentication cookie, which makes it easier for remote attackers to gain permanent access to an account by sniffing the network.
debian
больше 17 лет назад
Plone CMS 3.x uses invariant data (a client username and a server secr ...
EPSS
Процентиль: 55%
0.00327
Низкий
4.3 Medium
CVSS2