4 matches found
CVE-2010-0217
Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack...
Design/Logic Flaw
Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack...
CVE-2010-0217
Zeacom Chat Server (before 5.1) uses a short JSESSIONID, giving low entropy and enabling brute-force session hijacking or a potential DoS via server crash. The root cause is weak session management in the web-chat component, with a 10-character JSESSIONID described as providing only about 9 bits ...
CVE-2002-1351
Buffer overflow in Melange Chat System 1.10 allows remote attackers to cause a denial of service (chat server crash) and possibly execute arbitrary code via the msgText buffer in the chatInterpretData function, as demonstrated via a long Nick (nickname) request...