mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
References
Link | Resource |
---|---|
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html | Broken Link |
http://www.iss.net/security_center/static/7494.php | Broken Link |
http://www.securityfocus.com/bid/3521 | Third Party Advisory VDB Entry |
Configurations
History
15 Jul 2021, 20:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-384 | |
CPE | cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* |
|
References | (BID) http://www.securityfocus.com/bid/3521 - Third Party Advisory, VDB Entry | |
References | (BUGTRAQ) http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html - Broken Link | |
References | (XF) http://www.iss.net/security_center/static/7494.php - Broken Link |
Information
Published : 2001-12-31 05:00
Updated : 2024-02-04 16:31
NVD link : CVE-2001-1534
Mitre link : CVE-2001-1534
CVE.ORG link : CVE-2001-1534
JSON object : View
Products Affected
apache
- http_server
CWE
CWE-384
Session Fixation