CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-10399

The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.0%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://seclists.org/fulldisclosure/2014/Apr/318
http://www.securityfocus.com/archive/1/531981/100/0/threaded
http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid
http://seclists.org/fulldisclosure/2014/Apr/318
http://www.securityfocus.com/archive/1/531981/100/0/threaded
http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid

Products affected by CVE-2014-10399

Keplerproject » Cgilua » Version: 5.0.0

cpe:2.3:a:keplerproject:cgilua:5.0.0
Keplerproject » Cgilua » Version: 5.0.1

cpe:2.3:a:keplerproject:cgilua:5.0.1
Keplerproject » Cgilua » Version: 5.1.0

cpe:2.3:a:keplerproject:cgilua:5.1.0
Keplerproject » Cgilua » Version: 5.1.4

cpe:2.3:a:keplerproject:cgilua:5.1.4
Keplerproject » Cgilua » Version: 5.2

cpe:2.3:a:keplerproject:cgilua:5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-10399

Products

Pricing

Contact Us