CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-2875

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.7%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

http://seclists.org/fulldisclosure/2014/Apr/318
http://www.securityfocus.com/archive/1/531981/100/0/threaded
http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid
http://seclists.org/fulldisclosure/2014/Apr/318
http://www.securityfocus.com/archive/1/531981/100/0/threaded
http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid

Products affected by CVE-2014-2875

Keplerproject » Cgilua » Version: 5.0.0

cpe:2.3:a:keplerproject:cgilua:5.0.0
Keplerproject » Cgilua » Version: 5.0.1

cpe:2.3:a:keplerproject:cgilua:5.0.1
Keplerproject » Cgilua » Version: 5.1.0

cpe:2.3:a:keplerproject:cgilua:5.1.0
Keplerproject » Cgilua » Version: 5.1.4

cpe:2.3:a:keplerproject:cgilua:5.1.4
Keplerproject » Cgilua » Version: 5.2

cpe:2.3:a:keplerproject:cgilua:5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2875

Products

Pricing

Contact Us