CVE-2001-1534

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:37

Type Values Removed Values Added
References () http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html - Broken Link () http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html - Broken Link
References () http://www.iss.net/security_center/static/7494.php - Broken Link () http://www.iss.net/security_center/static/7494.php - Broken Link
References () http://www.securityfocus.com/bid/3521 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/3521 - Third Party Advisory, VDB Entry

Information

Published : 2001-12-31 05:00

Updated : 2024-11-20 23:37


NVD link : CVE-2001-1534

Mitre link : CVE-2001-1534

CVE.ORG link : CVE-2001-1534


JSON object : View

Products Affected

apache

  • http_server
CWE
CWE-384

Session Fixation