Vulnerability Details CVE-2014-10400
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.0%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://seclists.org/fulldisclosure/2014/Apr/318
- http://www.securityfocus.com/archive/1/531981/100/0/threaded
- http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid
- http://seclists.org/fulldisclosure/2014/Apr/318
- http://www.securityfocus.com/archive/1/531981/100/0/threaded
- http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid
Products affected by CVE-2014-10400
-
cpe:2.3:a:keplerproject:cgilua:5.0.0
-
cpe:2.3:a:keplerproject:cgilua:5.0.1
-
cpe:2.3:a:keplerproject:cgilua:5.1.0
-
cpe:2.3:a:keplerproject:cgilua:5.1.4
-
cpe:2.3:a:keplerproject:cgilua:5.2