Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2001-0962
Last Modified 07 Mar 2011 09:06:24
Published 19 Sep 2001 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-0962

Summary

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.

Vulnerable Systems

Application

  • IBM WebSphere Application Server 3.5.3

  • IBM WebSphere Commerce Suite 3.1.2

  • IBM WebSphere Commerce Suite 3.2


References

XF - ibm-websphere-seq-predict(7153)

BUGTRAQ - 20010919 Websphere cookie/sessionid predictable

CONFIRM - http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p

OSVDB - 5492

BUGTRAQ - 20010928 Re: Websphere cookie/sessionid predictable


Last Updated: 27 May 2016 10:50:02