CVE-2001-1534

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session IDs using predictable information including host IP address, system time and server process ID, which allows local users to obtain session IDs and bypass authentication when these session IDs are used for authentication.

Configurations

Configuration 1

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

History

15 Jul 2021, 20:37

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-384
CPE cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
References (BID) http://www.securityfocus.com/bid/3521 - (BID) http://www.securityfocus.com/bid/3521 - Third Party Advisory, VDB Entry
References (BUGTRAQ) http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html - (BUGTRAQ) http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html - Broken Link
References (XF) http://www.iss.net/security_center/static/7494.php - (XF) http://www.iss.net/security_center/static/7494.php - Broken Link

Information

Published : 2001-12-31 05:00

Updated : 2024-02-04 16:31


NVD link : CVE-2001-1534

Mitre link : CVE-2001-1534

CVE.ORG link : CVE-2001-1534



Products Affected

apache

  • http_server

CWE
CWE-384

Session Fixation