6 matches found

Prion
added 2020/02/06 4:15 p.m., 15 views

Code injection

The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875...

CVSS 4.3, AI score 6.2, EPSS 0.01631
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2020/02/06 4:15 p.m., 16 views

Code injection

The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875...

CVSS 4.3, AI score 6.3, EPSS 0.01631
Exploits: 0, References: 3, Affected Software: 1
Debian CVE
added 2020/02/06 3:26 p.m., 15 views

CVE-2014-10400

The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875...

CVSS 6.1, AI score 6.2, EPSS 0.01248
Exploits: 0
CVE
added 2020/02/06 3:26 p.m., 47 views

CVE-2014-2875

CVE-2014-2875 refers to the session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2, which uses weak session IDs generated from OS time. This allows remote attackers to hijack arbitrary sessions via brute-force guessing. The issue is documented as a split from CVE-2014-10399 and CVE-2014-10400....

CVSS 6.1, AI score 6.1, EPSS 0.01631
Exploits: 0, References: 3, Affected Software: 1
Debian CVE
added 2020/02/06 3:26 p.m., 13 views

CVE-2014-2875

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID...

CVSS 6.1, AI score 6.2, EPSS 0.01631
Exploits: 0
securityvulns
added 2014/05/04 12:0 a.m., 79 views

Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability

Advisory-ID: 201404301; Discovery Date: 03.27.2014; Release Date: 04.30.2014; Affected Applications: CGILua 5.0.x, CGILua 5.1.x, CGILua 5.2 alpha 1 & CGILua 5.2 alpha 2; Class: Predictable Session ID; Status: Unpatched/Vendor...

AI score 6.2, EPSS 0.01631
Exploits: 0