CVE-2010-0217
Zeacom Chat Server (before 5.1) uses a short JSESSIONID, giving low entropy and enabling brute-force session hijacking or a potential DoS via server crash. The root cause is weak session management in the web-chat component, with a 10-character JSESSIONID described as providing only about 9 bits ...