Cross site scripting

2014-12-1518:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.9%

JSON

Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691.

CPENameOperatorVersion
zenoss_coreeq3.0.2
zenoss_coreeq2.4.0
zenoss_coreeq3.1.0
zenoss_coreeq2.5.2
zenoss_coreeq3.2.1
zenoss_coreeq4.2.4
zenoss_coreeq2.4.5
zenoss_coreeq2.5.0
zenoss_coreeq2.5.1
zenoss_coreeq3.2.0

Name	Operator	Version
zenoss_core	eq	3.0.2
zenoss_core	eq	2.4.0
zenoss_core	eq	3.1.0
zenoss_core	eq	2.5.2
zenoss_core	eq	3.2.1
zenoss_core	eq	4.2.4
zenoss_core	eq	2.4.5
zenoss_core	eq	2.5.0
zenoss_core	eq	2.5.1
zenoss_core	eq	3.2.0

Rows per page:

1-10 of 161

References

www.kb.cert.org/vuls/id/449452

docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing