CVE-2012-1238 - Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sess

CVE-2012-1238

Summary

Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors. Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'

References

http://jvn.jp/en/jp/JVN97200417/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000030
http://oss.icz.co.jp/news/?p=501
http://osvdb.org/81020
http://www.securityfocus.com/bid/52900

Vulnerable Configurations

cpe:2.3:a:icz:sencha_sns:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:icz:sencha_sns:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:icz:sencha_sns:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:icz:sencha_sns:1.0.1:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 20-11-2012 - 04:42)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	52900
confirm	http://oss.icz.co.jp/news/?p=501
jvn	JVN#97200417
jvndb	JVNDB-2012-000030
osvdb	81020

Last major update

20-11-2012 - 04:42

Published

06-04-2012 - 18:55

Last modified

20-11-2012 - 04:42