Lucene search

Veracode Vulnerability DatabaseVERACODE:26342

HistoryAug 18, 2020 - 2:03 a.m.

Session Fixation

2020-08-1802:03:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

wildfly-elytron is vulnerable to session fixation. The vulnerability exists when using FORM authentication.

CPENameOperatorVersion
eap7-jboss-jsf-api_2.3_speceq3.0.0__3.SP02_redhat_00001.1.el6eap
eap7-jboss-jsf-api_2.3_speceq3.0.0__2.SP01_redhat_00001.1.el8eap
eap7-jboss-jsf-api_2.3_speceq2.3.5__5.SP2_redhat_00003.1.el8eap
eap7-jboss-jsf-api_2.3_speceq2.3.5__3.SP2_redhat_00001.1.el7eap
eap7-jboss-jsf-api_2.3_speceq3.0.0__2.SP01_redhat_00001.1.el6eap
eap7-jboss-jsf-api_2.3_speceq3.0.0__2.SP01_redhat_00001.1.el7eap
eap7-jboss-jsf-api_2.3_speceq3.0.0__3.SP02_redhat_00001.1.el8eap
eap7-jboss-jsf-api_2.3_speceq3.0.0__3.SP02_redhat_00001.1.el7eap
eap7-jboss-jsf-api_2.3_speceq2.3.5__5.SP2_redhat_00003.1.el6eap
eap7-jboss-jsf-api_2.3_speceq2.3.5__3.SP2_redhat_00001.1.el6eap

Name	Operator	Version
eap7-jboss-jsf-api_2.3_spec	eq	3.0.0__3.SP02_redhat_00001.1.el6eap
eap7-jboss-jsf-api_2.3_spec	eq	3.0.0__2.SP01_redhat_00001.1.el8eap
eap7-jboss-jsf-api_2.3_spec	eq	2.3.5__5.SP2_redhat_00003.1.el8eap
eap7-jboss-jsf-api_2.3_spec	eq	2.3.5__3.SP2_redhat_00001.1.el7eap
eap7-jboss-jsf-api_2.3_spec	eq	3.0.0__2.SP01_redhat_00001.1.el6eap
eap7-jboss-jsf-api_2.3_spec	eq	3.0.0__2.SP01_redhat_00001.1.el7eap
eap7-jboss-jsf-api_2.3_spec	eq	3.0.0__3.SP02_redhat_00001.1.el8eap
eap7-jboss-jsf-api_2.3_spec	eq	3.0.0__3.SP02_redhat_00001.1.el7eap
eap7-jboss-jsf-api_2.3_spec	eq	2.3.5__5.SP2_redhat_00003.1.el6eap
eap7-jboss-jsf-api_2.3_spec	eq	2.3.5__3.SP2_redhat_00001.1.el6eap

Rows per page:

1-10 of 16321

References

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

access.redhat.com/errata/RHSA-2020:3461

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1825714

issues.redhat.com/browse/JBEAP-18793

issues.redhat.com/browse/JBEAP-19095

issues.redhat.com/browse/JBEAP-19134

issues.redhat.com/browse/JBEAP-19185

issues.redhat.com/browse/JBEAP-19203

issues.redhat.com/browse/JBEAP-19205

issues.redhat.com/browse/JBEAP-19269

issues.redhat.com/browse/JBEAP-19322

issues.redhat.com/browse/JBEAP-19325

issues.redhat.com/browse/JBEAP-19397

issues.redhat.com/browse/JBEAP-19409

issues.redhat.com/browse/JBEAP-19529

issues.redhat.com/browse/JBEAP-19564

issues.redhat.com/browse/JBEAP-19585

issues.redhat.com/browse/JBEAP-19617

issues.redhat.com/browse/JBEAP-19619

issues.redhat.com/browse/JBEAP-19673

issues.redhat.com/browse/JBEAP-19674

issues.redhat.com/browse/JBEAP-19874

security.netapp.com/advisory/ntap-20201223-0002/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:26342