CVE-2011-3424 - Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer In

CVE-2011-3424

Summary

Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors. Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'

References

Vulnerable Configurations

cpe:2.3:a:tibco:managed_file_transfer_command_center:6.7:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_command_center:6.7:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_command_center:7.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_command_center:7.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_command_center:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_command_center:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_command_center:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_command_center:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_internet_server:6.7:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_internet_server:6.7:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_internet_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_internet_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_internet_server:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_internet_server:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_internet_server:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:managed_file_transfer_internet_server:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:slingshot:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:slingshot:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:slingshot:1.8:*:*:*:*:*:*:*
cpe:2.3:a:tibco:slingshot:1.8:*:*:*:*:*:*:*
cpe:2.3:a:tibco:slingshot:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:slingshot:1.8.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 29-08-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	49619
confirm	http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp
osvdb	75397
sectrack	1026051
secunia	45976
xf	managed-file-session-hijacking(69805)

Last major update

29-08-2017 - 01:30

Published

19-09-2011 - 12:02

Last modified

29-08-2017 - 01:30