
4 matches found

NVD
added 2011/05/20 10:55 p.m. | 20 views

CVE-2010-0217

Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack...

CVSS 5.8 | AI score 6.6 | EPSS 0.01282
Exploits: 1 | References: 5

Prion
added 2011/05/20 10:55 p.m. | 14 views

Design/Logic Flaw

Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack...

CVSS 5.8 | AI score 7.2 | EPSS 0.01282
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2011/05/20 10:0 p.m. | 51 views

CVE-2010-0217

Zeacom Chat Server (before 5.1) uses a short JSESSIONID, giving low entropy and enabling brute-force session hijacking or a potential DoS via server crash. The root cause is weak session management in the web-chat component, with a 10-character JSESSIONID described as providing only about 9 bits ...

CVSS 5.8 | AI score 6.8 | EPSS 0.01282
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2005/04/14 4:0 a.m. | 14 views

CVE-2002-1351

Buffer overflow in Melange Chat System 1.10 allows remote attackers to cause a denial of service (chat server crash) and possibly execute arbitrary code via the msgText buffer in the chatInterpretData function, as demonstrated via a long Nick (nickname) request...

AI score 8.1 | EPSS 0.05761
Exploits: 1 | References: 4