Lucene search
Veracode Vulnerability DatabaseVERACODE:3809HistoryMar 31, 2017 - 1:41 a.m.
Session Fixation Attacks
2017-03-3101:41:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
1
0.002 Low
EPSS
Percentile
64.8%
CloudFoundry User Account and Authentication (UAA) is vulnerable to session fixation attacks. These attacks are possible when UAA is configured to authenticate against OpenID Connect or external SAML based identity providers.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.cloudfoundry.identity:cloudfoundry-identity-common | le | 2.7.4.9 | |
| uaa server | eq | 3.10.0 | |
| uaa server | le | 3.9.1 | |
| uaa server | le | 3.4.5 | |
| uaa | eq | 3.10.0 | |
| uaa | le | 2.7.4.9 | |
| uaa | le | 3.9.1 | |
| uaa | le | 3.4.4 |
References
Related
prion
prion
Session fixation
2017-06-13 06:29:00
cve
cve
CVE-2017-4963
2017-06-13 06:29:00
cloudfoundry
cloudfoundry
osv
osv
CVE-2017-4963
2017-06-13 06:29:00
cvelist
cvelist
CVE-2017-4963
2017-06-13 06:00:00
nvd
nvd
CVE-2017-4963
2017-06-13 06:29:00