NVD

Id
29913  
Name
CVE-2014-1219  
Description
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.  
Reject
 
CVSS Version
2  
CVSS Score
5.1  
Severity
Medium  
CVSS Base Score
5.1  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-02-14  
Modified Date
2014-02-21  
Seq
2014-1219  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
157699 29913 CVE-2014-1219 http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/  View
157700 29913 CVE-2014-1219 65537  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
12532 JVNDB-2014-001407 CA 2E Web Option におけるセッションをハイジャックされる脆弱性 CA 2E Web Option は、完全なトークンの代わりに W2E_SSNID セッショントークンの予測可能なサブストリングを受け付けるため、セッションをハイジャックされる脆弱性が存在します。 CVE-2014-1219 68505 CVE-2014-1219 29913 5.1 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001407.html 2014-02-11 2014-02-17 View