EUVD-2006-5915

Malware in sbrugna...

Kahua vulnerable in allowing to share login sessions

Overview Kahua is an open source application development and runtime environment server. Kahua contains a vulnerability which allows the sharing of sessions among multiple applications which are referring to different user databases. Impact A remote attacker could possibly take over the user...

CVE-2006-5932

Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to...

CVE-2006-5932

Kahua before 0.7, when running multiple applications under a single supervisor, grants application access on the basis of username instead of username and database name, which allows remote authenticated users to obtain unauthorized access if different databases assign the same username to...

CVE-2006-5932

Kahua (before version 0.7) is vulnerable to cross-application session sharing when multiple applications run under a single supervisor. The root cause is that access is granted based on username alone, not the combination of username and database name, enabling a remote authenticated user to acce...

JVN#34522909 Kahua vulnerable in allowing to share login sessions

Impact A remote attacker could possibly take over the user privileges and manipulate applications when several user databases are in use. If a multiple applications of Kahua refer to different user database, a user could log into multiple applications which results in a login session to be shared...