Lucene search

[email protected]CVE-2007-3988

HistoryJul 25, 2007 - 6:30 p.m.

CVE-2007-3988

2007-07-2518:30:00

CWE-287

[email protected]

web.nvd.nist.gov

session fixation

vhcs

vulnerability

phpsessid

hijack web sessions

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.6%

JSON

Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Affected configurations

NVD

Node

virtual_hosting_control_systemvirtual_hosting_control_systemRange≤2.4.7.1

CPENameOperatorVersion
virtual_hosting_control_system:virtual_hosting_control_systemvirtual hosting control systemle2.4.7.1

CPE	Name	Operator	Version
virtual_hosting_control_system:virtual_hosting_control_system	virtual hosting control system	le	2.4.7.1

References

secunia.com/advisories/26142

securityreason.com/securityalert/2926

www.majorsecurity.de/index_2.php?major_rls=major_rls51

www.securityfocus.com/archive/1/474324/100/0/threaded

www.securityfocus.com/bid/25006

exchange.xforce.ibmcloud.com/vulnerabilities/35548

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.6%

JSON

Related for CVE-2007-3988

nvd1 nessus1 prion1 cvelist1