CVE-2009-1629

critical

Description

ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50464

http://www.securityfocus.com/bid/34903

http://www.securityfocus.com/archive/1/503421/100/0/threaded

http://secunia.com/advisories/42784

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052655.html

Details

Source: Mitre, NVD

Published: 2009-05-14

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Severity: Critical