Lucene search

[email protected]CVE-2007-2719

HistoryMay 16, 2007 - 7:28 p.m.

CVE-2007-2719

2007-05-1619:28:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2007-2719

session fixation

hp systems insight manager

sim 4.2

sim 5.0

remote attack

jsessionid cookie

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.

Affected configurations

NVD

Node

hpsystems_insight_managerMatch4.2

hpsystems_insight_managerMatch5.0sp4

hpsystems_insight_managerMatch5.0sp5

CPENameOperatorVersion
hp:systems_insight_managerhp systems insight managereq4.2
hp:systems_insight_managerhp systems insight managereq5.0

CPE	Name	Operator	Version
hp:systems_insight_manager	hp systems insight manager	eq	4.2
hp:systems_insight_manager	hp systems insight manager	eq	5.0

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01049713

osvdb.org/36061

secunia.com/advisories/25275

www.acrossecurity.com/aspr/ASPR-2007-05-14-1-PUB.txt

www.securityfocus.com/archive/1/468974/100/0/threaded

www.securityfocus.com/bid/23988

www.securitytracker.com/id?1018062

www.vupen.com/english/advisories/2007/1823

exchange.xforce.ibmcloud.com/vulnerabilities/34303

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.6%

JSON

Related for CVE-2007-2719

prion1 nvd1 cvelist1