Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1219

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2014-1219
Last Modified 21 Feb 2014 12:06:31
Published 14 Feb 2014 08:10:48
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2014-1219

Summary

CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.

Vulnerable Systems

Application

  • Ca 2e Web Option R8.1.2


References

MISC - http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/

BID - 65537


Last Updated: 27 May 2016 10:58:37