Vulnerability Details CVE-2009-2165
SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://jvn.jp/en/jp/JVN20689557/index.html
- http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000035.html
- http://secunia.com/advisories/35335
- http://serenebach.net/log/sb221R.html
- http://www.securityfocus.com/bid/35254
- http://jvn.jp/en/jp/JVN20689557/index.html
- http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000035.html
- http://secunia.com/advisories/35335
- http://serenebach.net/log/sb221R.html
- http://www.securityfocus.com/bid/35254
Products affected by CVE-2009-2165
-
cpe:2.3:a:serendipitynz:serene_bach:*
-
cpe:2.3:a:serendipitynz:serene_bach:1.18r
-
cpe:2.3:a:serendipitynz:serene_bach:1.19r
-
cpe:2.3:a:serendipitynz:serene_bach:2.05r
-
cpe:2.3:a:serendipitynz:serene_bach:2.08d
-
cpe:2.3:a:serendipitynz:serene_bach:2.09r
-
cpe:2.3:a:serendipitynz:serene_bach:3.00