CVE-2009-1629
CVSS V2 Medium 6.8
CVSS V3 None
Description
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
Overview
- CVE ID
- CVE-2009-1629
- Assigner
- cve@mitre.org
- Vulnerability Status
- Modified
- Published Version
- 2009-05-14T17:30:00
- Last Modified Date
- 2018-10-10T19:37:31
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:antony_lesuisse:ajaxterm:*:*:*:*:*:*:*:* | 1 | OR | 0.10 | |
| cpe:2.3:a:antony_lesuisse:ajaxterm:0.6:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:antony_lesuisse:ajaxterm:0.7:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:antony_lesuisse:ajaxterm:0.8:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:antony_lesuisse:ajaxterm:0.9:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 6.8
- Severity
- MEDIUM
- Exploitability Score
- 8.6
- Impact Score
- 6.4
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2009-1629 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1629 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 18:32:49 | Added to TrackCVE |