Lucene search

[email protected]CVE-2007-2978

HistoryJun 01, 2007 - 1:30 a.m.

CVE-2007-2978

2007-06-0101:30:00

CWE-59

[email protected]

web.nvd.nist.gov

cve-2007-2978

session fixation

eggblog

remote attackers

web sessions

phpsessid

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.2%

JSON

Session fixation vulnerability in eggblog 3.1.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

CPENameOperatorVersion
eggblog:eggblogeggblogle3.1.0

CPE	Name	Operator	Version
eggblog:eggblog	eggblog	le	3.1.0

References

osvdb.org/36734

secunia.com/advisories/25443

securityreason.com/securityalert/2756

www.majorsecurity.de/index_2.php?major_rls=major_rls48

www.securityfocus.com/archive/1/469888/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/34549

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.2%

JSON

Related for CVE-2007-2978

prion1 cvelist1