5 matches found
CVE-2014-10399
The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875...
CVE-2014-10400
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875...
CVE-2014-10400
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875...
CVE-2014-10399
In CGILua, CVE-2014-10399 stems from the session.lua library using non-unique/weak session IDs across sessions. CGILua 5.1.x creates identical IDs per session, enabling remote hijacking; CGILua 5.0.x uses sequential IDs; 5.2 alpha releases also generate weak IDs. The vulnerability allows session ...
CVE-2014-2875
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID...