Lucene search

[email protected]CVE-2014-9386

HistoryDec 15, 2014 - 6:59 p.m.

CVE-2014-9386

2014-12-1518:59:28

[email protected]

web.nvd.nist.gov

cve-2014-9386

zenoss core

security vulnerability

session hijacking

nvd

zen-12691

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691.

Affected configurations

NVD

Node

zenosszenoss_coreRange≤4.2.5

zenosszenoss_coreMatch2.4.0

zenosszenoss_coreMatch2.4.5

zenosszenoss_coreMatch2.5.0

zenosszenoss_coreMatch2.5.1

zenosszenoss_coreMatch2.5.2

zenosszenoss_coreMatch3.0.0

zenosszenoss_coreMatch3.0.1

zenosszenoss_coreMatch3.0.2

zenosszenoss_coreMatch3.0.3

zenosszenoss_coreMatch3.1.0

zenosszenoss_coreMatch3.2.0

zenosszenoss_coreMatch3.2.1

zenosszenoss_coreMatch4.2.0

zenosszenoss_coreMatch4.2.3

zenosszenoss_coreMatch4.2.4

CPENameOperatorVersion
zenoss:zenoss_corezenoss zenoss corele4.2.5
zenoss:zenoss_corezenoss zenoss coreeq2.4.0
zenoss:zenoss_corezenoss zenoss coreeq2.4.5
zenoss:zenoss_corezenoss zenoss coreeq2.5.0
zenoss:zenoss_corezenoss zenoss coreeq2.5.1
zenoss:zenoss_corezenoss zenoss coreeq2.5.2
zenoss:zenoss_corezenoss zenoss coreeq3.0.0
zenoss:zenoss_corezenoss zenoss coreeq3.0.1
zenoss:zenoss_corezenoss zenoss coreeq3.0.2
zenoss:zenoss_corezenoss zenoss coreeq3.0.3

CPE	Name	Operator	Version
zenoss:zenoss_core	zenoss zenoss core	le	4.2.5
zenoss:zenoss_core	zenoss zenoss core	eq	2.4.0
zenoss:zenoss_core	zenoss zenoss core	eq	2.4.5
zenoss:zenoss_core	zenoss zenoss core	eq	2.5.0
zenoss:zenoss_core	zenoss zenoss core	eq	2.5.1
zenoss:zenoss_core	zenoss zenoss core	eq	2.5.2
zenoss:zenoss_core	zenoss zenoss core	eq	3.0.0
zenoss:zenoss_core	zenoss zenoss core	eq	3.0.1
zenoss:zenoss_core	zenoss zenoss core	eq	3.0.2
zenoss:zenoss_core	zenoss zenoss core	eq	3.0.3

Rows per page:

1-10 of 161

References

www.kb.cert.org/vuls/id/449452

docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

Related for CVE-2014-9386

nvd2 prion2 cvelist1 cve1