Lucene search

[email protected]CVE-2007-2546

HistoryMay 09, 2007 - 10:19 a.m.

CVE-2007-2546

2007-05-0910:19:00

CWE-287

[email protected]

web.nvd.nist.gov

cve

session fixation

smf

security vulnerability

nvd

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.7%

JSON

Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

CPENameOperatorVersion
simple_machines:simple_machines_forumsimple machines simple machines forumle1.1.2

CPE	Name	Operator	Version
simple_machines:simple_machines_forum	simple machines simple machines forum	le	1.1.2

References

osvdb.org/35705

secunia.com/advisories/25139

securityreason.com/securityalert/2676

www.majorsecurity.de/index_2.php?major_rls=major_rls47

www.securityfocus.com/archive/1/467748/100/0/threaded

www.securityfocus.com/archive/1/471414/100/0/threaded

www.securityfocus.com/bid/24482

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.7%

JSON

Related for CVE-2007-2546

prion1 cvelist1