1. CVE-Search
  2. CVE-2001-0962
ID CVE-2001-0962
Summary IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
References
Vulnerable Configurations
  • cpe:2.3:a:ibm:websphere_application_server:-:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:-:*:*:*:liberty:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:-:*:*:*:liberty:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:-:*:*:*:library:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:-:*:*:*:library:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:-:-:*:*:*:z\/os:*:*
    cpe:2.3:a:ibm:websphere_application_server:-:-:*:*:*:z\/os:*:*
  • cpe:2.3:a:ibm:websphere_application_server:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:3.0.0.3:-:community:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:3.0.0.3:-:community:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:3.0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:3.0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:3.0.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:3.0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:3.0.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:3.0.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:3.0.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:3.0.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:3.0.21:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:3.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_application_server:3.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_application_server:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_commerce_suite:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_commerce_suite:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:ibm:websphere_commerce_suite:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:websphere_commerce_suite:3.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 10-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq
  • 20010919 Websphere cookie/sessionid predictable
  • 20010928 Re: Websphere cookie/sessionid predictable
confirm http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p
osvdb 5492
xf ibm-websphere-seq-predict(7153)
Last major update 10-10-2017 - 01:29
Published 19-09-2001 - 04:00
Last modified 10-10-2017 - 01:29
Back to Top