Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0944

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0944
Last Modified 05 Sep 2008 04:39:52
Published 28 Feb 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0944

Summary

The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.

Vulnerable Systems


References

MISC - http://www.niscc.gov.uk/niscc/docs/re-20050228-00178.pdf?lang=en

CONFIRM - http://www.mitel.com/DocController?documentId=14223

MISC - http://www.corsaire.com/advisories/c040817-002.txt


Last Updated: 27 May 2016 10:38:49