ID |
CVE-2011-3424
|
Summary |
Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors. Per: http://cwe.mitre.org/data/definitions/384.html
'CWE-384: Session Fixation' |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:tibco:managed_file_transfer_command_center:6.7:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_command_center:6.7:*:*:*:*:*:*:*
-
cpe:2.3:a:tibco:managed_file_transfer_command_center:7.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_command_center:7.0:*:*:*:*:*:*:*
-
cpe:2.3:a:tibco:managed_file_transfer_command_center:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_command_center:7.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:tibco:managed_file_transfer_command_center:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_command_center:7.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:tibco:managed_file_transfer_internet_server:6.7:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_internet_server:6.7:*:*:*:*:*:*:*
-
cpe:2.3:a:tibco:managed_file_transfer_internet_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_internet_server:7.0:*:*:*:*:*:*:*
-
cpe:2.3:a:tibco:managed_file_transfer_internet_server:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_internet_server:7.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:tibco:managed_file_transfer_internet_server:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_internet_server:7.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:tibco:slingshot:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:slingshot:1.7.0:*:*:*:*:*:*:*
-
cpe:2.3:a:tibco:slingshot:1.8:*:*:*:*:*:*:*
cpe:2.3:a:tibco:slingshot:1.8:*:*:*:*:*:*:*
-
cpe:2.3:a:tibco:slingshot:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:slingshot:1.8.0:*:*:*:*:*:*:*
|
CVSS |
Base: | 4.3 (as of 29-08-2017 - 01:30) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
PARTIAL |
NONE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
refmap
via4
|
bid | 49619 | confirm | | osvdb | 75397 | sectrack | 1026051 | secunia | 45976 | xf | managed-file-session-hijacking(69805) |
|
Last major update |
29-08-2017 - 01:30 |
Published |
19-09-2011 - 12:02 |
Last modified |
29-08-2017 - 01:30 |