Vulnerability Details CVE-2001-0962
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 76.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
- http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
- http://www.osvdb.org/5492
- http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7153
- http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
- http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
- http://www.osvdb.org/5492
- http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7153
Products affected by CVE-2001-0962
-
cpe:2.3:a:ibm:websphere_application_server:-
-
cpe:2.3:a:ibm:websphere_application_server:2.0
-
cpe:2.3:a:ibm:websphere_application_server:3.0
-
cpe:2.3:a:ibm:websphere_application_server:3.0.0.3
-
cpe:2.3:a:ibm:websphere_application_server:3.0.2
-
cpe:2.3:a:ibm:websphere_application_server:3.0.2.1
-
cpe:2.3:a:ibm:websphere_application_server:3.0.2.2
-
cpe:2.3:a:ibm:websphere_application_server:3.0.2.3
-
cpe:2.3:a:ibm:websphere_application_server:3.0.2.4
-
cpe:2.3:a:ibm:websphere_application_server:3.0.21
-
cpe:2.3:a:ibm:websphere_application_server:3.0.9.20
-
cpe:2.3:a:ibm:websphere_application_server:3.5
-
cpe:2.3:a:ibm:websphere_application_server:3.5.1
-
cpe:2.3:a:ibm:websphere_application_server:3.5.2
-
cpe:2.3:a:ibm:websphere_application_server:3.5.3
-
cpe:2.3:a:ibm:websphere_commerce_suite:3.1.2
-
cpe:2.3:a:ibm:websphere_commerce_suite:3.2