Lucene search

[email protected]CVE-2007-1953

HistoryApr 11, 2007 - 1:19 a.m.

CVE-2007-1953

2007-04-1101:19:00

CWE-287

[email protected]

web.nvd.nist.gov

session fixation

onelook

courts

online

remote attackers

web sessions

phpsessid cookie

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.6%

JSON

Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

CPENameOperatorVersion
onelook:courts_onlineonelook courts onlineeq*

CPE	Name	Operator	Version
onelook:courts_online	onelook courts online	eq	*

References

www.majorsecurity.de/index_2.php?major_rls=major_rls41

www.securityfocus.com/archive/1/464887/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/33502

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.6%

JSON

Related for CVE-2007-1953

prion1 securityvulns1