10 matches found
CA 2E Web Option session spoofing
Predictable session token...
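CA 2E Web Option 8.1.2 Authentication Bypass Vulnerability
CVE(CAN) ID: CVE-2014-1219 CA 2E Web Option is a tool for developing web interfaces for CA 2E applications. CA 2E Web Option r8.1.2 generates session tokens in a predictable way, a security flaw in its implementation that allows remote attackers to bypass the authentication mechanism. 0 CA 2E Web Option 8.1.2 The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.ca.com/us//media/files/productbriefs/cs3003-ca-2e-web-option.aspx Vulnerability title:...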
CVE-2014-1219
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2ESSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to...
Code injection
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2ESSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to...
CVE-2014-1219
CA 2E Web Option (r8.1.2) is affected by CVE-2014-1219 due to a predictable session token, W2E_SSNID, enabling unauthenticated privilege escalation by manipulating the end digits to hijack or terminate sessions. Affected product/version: CA 2E Web Option r8.1.2 (and potentially others). Root caus...
CVE-2014-1219
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2ESSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to...
CA 2E Web Option 8.1.2 - Authentication Bypass
CA 2E Web Option 8.1.2 - Authentication Bypass Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E Web Option Affected version: 8.1.2 Fixed version: N/A Reported by: Mike Emery Details: CA 2E Web Option r8.1.2 and potentially...
CA 2E Web Option 8.1.2 - Authentication Bypass Vulnerability
Exploit for multiple platform in category web applications Details: CA 2E Web Option r8.1.2 and potentially others, is vulnerable to unauthenticated privilege escalation via a predictable session token. The POST parameter session token W2ESSNID appears as follows:...
CA 2E Web Option 8.1.2 - Authentication Bypass
Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E Web Option Affected version: 8.1.2 Fixed version: N/A Reported by: Mike Emery Details: CA 2E Web Option r8.1.2 and potentially others, is vulnerable to unauthenticated privilege...
CA 2E Web Option 8.1.2 Privilege Escalation / Denial Of Service
Vulnerability title: Unauthenticated Privilege Escalation in CA 2E Web Option CVE: CVE-2014-1219 Vendor: CA Product: 2E Web...