2 matches found
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9385, CVE-2014-9386. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-9385 and CVE-2014-9386 to determine which ID is appropriate. All reference...
CVE-2014-9386
CVE-2014-9386 affects Zenoss Core before 4.2.5 SP161. The issue is an infinite lifetime for the session ID cookie, enabling potential session hijacking by an attacker with access to an unattended workstation. The CVE description notes the root cause is the cookie’s unlimited lifetime, which can l...