Lucene search

K
jvnJapan Vulnerability NotesJVN:07468800
HistoryDec 12, 2008 - 12:00 a.m.

JVN#07468800 Predictable session ID vulnerability in Access Analyzer CGI by futomi's CGI Cafe

2008-12-1200:00:00
Japan Vulnerability Notes
jvn.jp
17

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.003

Percentile

70.8%

Access Analyzer CGI provided by futomi’s CGI Cafe is a software to analyze web access logs. Access Analyzer CGI contains a predictable session ID vulnerability.

Impact

A remote attacker could impersonate an administrator of Access Analyzer CGI. As a result, a remote attacker could view access analysis results of the website where the software resides.

Solution

Update the Software
Update to the latest version according to the information provided by the vendor.

Products Affected

  • Access Analyzer CGI Standard Version, Ver 4.0.1 and earlier
  • Access Analyzer CGI Professional Version, Ver 4.11.3 and earlier

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.003

Percentile

70.8%

Related for JVN:07468800