Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3424

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-3424
Last Modified 10 Jul 2013 04:06:57
Published 19 Sep 2011 08:02:57
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3424

Summary

Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors.

Vulnerable Systems

Application

  • Tibco Managed File Transfer Command Center 6.7

  • Tibco Managed File Transfer Command Center 7.0

  • Tibco Managed File Transfer Command Center 7.0.1

  • Tibco Managed File Transfer Command Center 7.1.0

  • Tibco Managed File Transfer Internet Server 6.7

  • Tibco Managed File Transfer Internet Server 7.0

  • Tibco Managed File Transfer Internet Server 7.0.1

  • Tibco Managed File Transfer Internet Server 7.1.0

  • Tibco Slingshot 1.8.0


References

XF - managed-file-session-hijacking(69805)

CONFIRM - http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp

CONFIRM - http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt

BID - 49619

OSVDB - 75397

SECTRACK - 1026051

SECUNIA - 45976


Last Updated: 27 May 2016 10:57:42