Lucene search

[email protected]CVE-2001-0962

HistorySep 19, 2001 - 4:00 a.m.

CVE-2001-0962

2001-09-1904:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

ibm

websphere

application server

session ids

cve-2001-0962

remote attacks

nvd

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.

CPENameOperatorVersion
ibm:websphere_commerce_suiteibm websphere commerce suiteeq3.2
ibm:websphere_application_serveribm websphere application serverle3.5.3
ibm:websphere_commerce_suiteibm websphere commerce suiteeq3.1.2

CPE	Name	Operator	Version
ibm:websphere_commerce_suite	ibm websphere commerce suite	eq	3.2
ibm:websphere_application_server	ibm websphere application server	le	3.5.3
ibm:websphere_commerce_suite	ibm websphere commerce suite	eq	3.1.2

References

archives.neohapsis.com/archives/bugtraq/2001-09/0234.html

www.osvdb.org/5492

www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p

exchange.xforce.ibmcloud.com/vulnerabilities/7153

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.016 Low

EPSS

Percentile

87.1%

JSON