History: May 20, 2011 - 10:55 p.m.

CVE-2010-0217

2011-05-20 22:55:01
CWE-310
certcc
web.nvd.nist.gov
zeacom chat server
cve-2010-0217
vulnerability
remote attackers
hijack sessions
denial of service
chat server crash
tomcat daemon crash

CVSS2: 5.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score: 6.8
Confidence: High

EPSS: 0.006
Percentile: 79.2%

Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack.

Affected configurations

Nvd
Node: zeacom chat_server, Range: 5.0 sp4

Vendor | Product     | Version | CPE
zeacom | chat_server | *       | cpe:2.3:a:zeacom:chat_server:*:sp4:*:*:*:*:*:*
