Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2009-1629
Last Modified: 19 Jan 2011 01:47:41
Published: 14 May 2009 01:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-1629

Summary

ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.

Vulnerable Systems

Application

  • Antony Lesuisse Ajaxterm 0.10

  • Antony Lesuisse Ajaxterm 0.6

  • Antony Lesuisse Ajaxterm 0.7

  • Antony Lesuisse Ajaxterm 0.8

  • Antony Lesuisse Ajaxterm 0.9


References

XF - ajaxterm-ajaxterm-session-hijacking(50464)

BID - 34903

BUGTRAQ - 20090511 [oCERT-2009-004] AjaxTerm session id collision

MLIST - [oss-security] 20090511 [oCERT-2009-004] AjaxTerm session id collision

MISC - http://www.ocert.org/advisories/ocert-2009-004.html

SECUNIA - 42784

FEDORA - FEDORA-2010-18867


Last Updated: 27 May 2016 10:50:37