RSS   Podatności dla 'Cgilua'   RSS

2020-02-06
 
CVE-2014-2875

CWE-307
 

 
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10300 and CVE-2014-10400 were SPLIT from this ID.

 
 
CVE-2014-10400

CWE-384
 

 
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.

 
 
CVE-2014-10399

CWE-384
 

 
The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.

 


Copyright 2024, cxsecurity.com

 

Back to Top