CVE-2009-2165

2022-10-0316:24:07

mitre

www.cve.org

serendipitynz session hijack vulnerability

simpleboxes

predictable session id

6.6 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

79.8%

JSON

SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.

References

jvn.jp/en/jp/JVN20689557/index.html

jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000035.html

secunia.com/advisories/35335

serenebach.net/log/sb221R.html

www.securityfocus.com/bid/35254