Lucene search

[email protected]NVD:CVE-2014-2875

HistoryFeb 06, 2020 - 4:15 p.m.

CVE-2014-2875

2020-02-0616:15:11

CWE-307

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.

Affected configurations

NVD

Node

keplerprojectcgiluaRange5.0.0–5.0.1

keplerprojectcgiluaRange5.1.0–5.1.4

keplerprojectcgiluaMatch5.2alpha1

keplerprojectcgiluaMatch5.2alpha2

References

seclists.org/fulldisclosure/2014/Apr/318

www.securityfocus.com/archive/1/531981/100/0/threaded

www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

Related for NVD:CVE-2014-2875

prion3 debiancve3 cve3 cvelist3 nvd2 securityvulns2