6 matches found
EUVD-2010-0248
Malware in sbrugna...
CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Packetninjas L.L.C www.packetninjas.net -= Security Advisory =- Advisory: Zeacom Chat Server JSESSIONID weak SessionID Vulnerability Release Date: unknown Last Modified: 09/27/2010 Author: Daniel Clemens daniel.clemensatpacketninjas.net Application:...
CVE-2010-0217
Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack...
Design/Logic Flaw
Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack...
CVE-2010-0217
Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack...
CVE-2010-0217
Zeacom Chat Server (before 5.1) uses a short JSESSIONID, giving low entropy and enabling brute-force session hijacking or a potential DoS via server crash. The root cause is weak session management in the web-chat component, with a 10-character JSESSIONID described as providing only about 9 bits ...