CWE-384
AllowedSession Fixation
Abstraction: Compound · Status: Incomplete
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
547 vulnerabilities reference this CWE, most recent first.
CVE-2019-10158 (GCVE-0-2019-10158)
Vulnerability from cvelistv5 – Published: 2020-01-02 14:28 – Updated: 2025-02-13 16:27| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://github.com/infinispan/infinispan/pull/6960 | x_refsource_CONFIRM |
| https://github.com/infinispan/infinispan/pull/7025 | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2023122… |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | infinispan |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:09.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/infinispan/infinispan/pull/6960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/infinispan/infinispan/pull/7025"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231227-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "infinispan",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-27T15:06:25.431Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10158"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/infinispan/infinispan/pull/6960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/infinispan/infinispan/pull/7025"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231227-0009/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-10158",
"datePublished": "2020-01-02T14:28:44.000Z",
"dateReserved": "2019-03-27T00:00:00.000Z",
"dateUpdated": "2025-02-13T16:27:20.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6584 (GCVE-0-2019-6584)
Vulnerability from cvelistv5 – Published: 2019-06-12 13:47 – Updated: 2024-08-04 20:23- CWE-384 - Session Fixation
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens AG | SIEMENS LOGO!8 |
Affected:
6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx
|
|
| Siemens AG | SIEMENS LOGO!8 |
Affected:
6ED1052-xyy08-0BA0 FS:01 / Firmware version < V1.82.02
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.246Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIEMENS LOGO!8",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx"
}
]
},
{
"product": "SIEMENS LOGO!8",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "6ED1052-xyy08-0BA0 FS:01 / Firmware version \u003c V1.82.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version \u003c V1.82.02). The integrated webserver does not invalidate the Session ID upon user logout. An attacker that successfully extracted a valid Session ID is able to use it even after the user logs out. The security vulnerability could be exploited by an attacker in a privileged network position who is able to read the communication between the affected device and the user or by an attacker who is able to obtain valid Session IDs through other means. The user must invoke a session to the affected device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-12T13:47:57.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-6584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIEMENS LOGO!8",
"version": {
"version_data": [
{
"version_value": "6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx"
}
]
}
},
{
"product_name": "SIEMENS LOGO!8",
"version": {
"version_data": [
{
"version_value": "6ED1052-xyy08-0BA0 FS:01 / Firmware version \u003c V1.82.02"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIEMENS LOGO!8 (6ED1052-xyyxx-0BA8 FS:01 to FS:06 / Firmware version V1.80.xx and V1.81.xx), SIEMENS LOGO!8 (6ED1052-xyy08-0BA0 FS:01 / Firmware version \u003c V1.82.02). The integrated webserver does not invalidate the Session ID upon user logout. An attacker that successfully extracted a valid Session ID is able to use it even after the user logs out. The security vulnerability could be exploited by an attacker in a privileged network position who is able to read the communication between the affected device and the user or by an attacker who is able to obtain valid Session IDs through other means. The user must invoke a session to the affected device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384: Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-774850.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-6584",
"datePublished": "2019-06-12T13:47:57.000Z",
"dateReserved": "2019-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:23:22.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3784 (GCVE-0-2019-3784)
Vulnerability from cvelistv5 – Published: 2019-03-07 19:00 – Updated: 2024-09-16 18:56- CWE-384 - Session Fixation
| URL | Tags |
|---|---|
| https://www.cloudfoundry.org/blog/cve-2019-3784 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Cloud Foundry | Stratos |
Affected:
All , < 2.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Stratos",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "2.3.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-07T18:57:02.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3784"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cloud Foundry Stratos contains a Session Collision Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-02-19T17:15:40.000Z",
"ID": "CVE-2019-3784",
"STATE": "PUBLIC",
"TITLE": "Cloud Foundry Stratos contains a Session Collision Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Stratos",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Stratos, versions prior to 2.3.0, contains an insecure session that can be spoofed. When deployed on cloud foundry with multiple instances using the default embedded SQLite database, a remote authenticated malicious user can switch sessions to another user with the same session id."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384: Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-3784",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3784"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3784",
"datePublished": "2019-03-07T19:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:56:08.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3783 (GCVE-0-2019-3783)
Vulnerability from cvelistv5 – Published: 2019-03-07 19:00 – Updated: 2024-09-16 23:15- CWE-384 - Session Fixation
| URL | Tags |
|---|---|
| https://www.cloudfoundry.org/blog/cve-2019-3783 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Cloud Foundry | Stratos |
Affected:
All , < 2.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3783"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Stratos",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "2.3.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user\u0027s current Stratos session, and act on behalf of that user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-07T18:57:02.000Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3783"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cloud Foundry Stratos Deploys With Public Default Session Store Secret",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-02-19T17:15:39.000Z",
"ID": "CVE-2019-3783",
"STATE": "PUBLIC",
"TITLE": "Cloud Foundry Stratos Deploys With Public Default Session Store Secret"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Stratos",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "2.3.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user\u0027s current Stratos session, and act on behalf of that user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384: Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-3783",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3783"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3783",
"datePublished": "2019-03-07T19:00:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:15:59.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1807 (GCVE-0-2019-1807)
Vulnerability from cvelistv5 – Published: 2019-05-03 16:25 – Updated: 2024-11-20 17:23| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Umbrella |
Affected:
unspecified , < n/a
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:28:42.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190501 Cisco Umbrella Dashboard Session Management Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-udb-sm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:55:11.879045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:23:19.248Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Umbrella",
"vendor": "Cisco",
"versions": [
{
"lessThan": "n/a",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-05-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session when a user authenticates to the application and changes the users credentials via another authenticated session. An attacker could exploit this vulnerability by using a separate, authenticated, active session to connect to the application through the web UI. A successful exploit could allow the attacker to maintain access to the dashboard via an authenticated user\u0027s browser session. Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard. No user action is required."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-03T16:25:25.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190501 Cisco Umbrella Dashboard Session Management Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-udb-sm"
}
],
"source": {
"advisory": "cisco-sa-20190501-udb-sm",
"defect": [
[
"CSCvo03940"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Umbrella Dashboard Session Management Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-05-01T16:00:00-0700",
"ID": "CVE-2019-1807",
"STATE": "PUBLIC",
"TITLE": "Cisco Umbrella Dashboard Session Management Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Umbrella",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the session management functionality of the web UI for the Cisco Umbrella Dashboard could allow an authenticated, remote attacker to access the Dashboard via an active, user session. The vulnerability exists due to the affected application not invalidating an existing session when a user authenticates to the application and changes the users credentials via another authenticated session. An attacker could exploit this vulnerability by using a separate, authenticated, active session to connect to the application through the web UI. A successful exploit could allow the attacker to maintain access to the dashboard via an authenticated user\u0027s browser session. Cisco has addressed this vulnerability in the Cisco Umbrella Dashboard. No user action is required."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "7.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190501 Cisco Umbrella Dashboard Session Management Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-udb-sm"
}
]
},
"source": {
"advisory": "cisco-sa-20190501-udb-sm",
"defect": [
[
"CSCvo03940"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1807",
"datePublished": "2019-05-03T16:25:25.486Z",
"dateReserved": "2018-12-06T00:00:00.000Z",
"dateUpdated": "2024-11-20T17:23:19.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0062 (GCVE-0-2019-0062)
Vulnerability from cvelistv5 – Published: 2019-10-09 19:26 – Updated: 2024-09-16 22:50- CWE-384 - Session Fixation
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA10961 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
12.3 , < 12.3R12-S15
(custom)
|
|
| Juniper Networks | Junos OS |
Affected:
12.3X48 , < 12.3X48-D85
(custom)
Affected: 15.1X49 , < 15.1X49-D180 (custom) |
|
| Juniper Networks | Junos OS |
Affected:
14.1X53 , < 14.1X53-D51
(custom)
Affected: 15.1 , < 15.1F6-S13, 15.1R7-S5 (custom) Affected: 15.1X53 , < 15.1X53-D238 (custom) Affected: 16.1 , < 16.1R4-S13, 16.1R7-S5 (custom) Affected: 16.2 , < 16.2R2-S10 (custom) Affected: 17.1 , < 17.1R3-S1 (custom) Affected: 17.2 , < 17.2R2-S8, 17.2R3-S3 (custom) Affected: 17.3 , < 17.3R3-S5 (custom) Affected: 17.4 , < 17.4R2-S8, 17.4R3 (custom) Affected: 18.1 , < 18.1R3-S8 (custom) Affected: 18.2 , < 18.2R3 (custom) Affected: 18.3 , < 18.3R3 (custom) Affected: 18.4 , < 18.4R2 (custom) Affected: 19.1 , < 19.1R1-S2, 19.1R2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA10961"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"EX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S15",
"status": "affected",
"version": "12.3",
"versionType": "custom"
}
]
},
{
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3X48-D85",
"status": "affected",
"version": "12.3X48",
"versionType": "custom"
},
{
"lessThan": "15.1X49-D180",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "14.1X53-D51",
"status": "affected",
"version": "14.1X53",
"versionType": "custom"
},
{
"lessThan": "15.1F6-S13, 15.1R7-S5",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "15.1X53-D238",
"status": "affected",
"version": "15.1X53",
"versionType": "custom"
},
{
"lessThan": "16.1R4-S13, 16.1R7-S5",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "16.2R2-S10",
"status": "affected",
"version": "16.2",
"versionType": "custom"
},
{
"lessThan": "17.1R3-S1",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R2-S8, 17.2R3-S3",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R3-S5",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S8, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S8",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.3R3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S2, 19.1R2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n system services web-management http\n system services web-management https"
}
],
"credits": [
{
"lang": "en",
"value": "Farid Heydari"
}
],
"datePublic": "2019-10-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S5; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:26:17.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA10961"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S15*, 12.3X48-D85, 14.1X53-D51, 15.1F6-S13, 15.1R7-S5, 15.1X49-D180, 15.1X53-D238, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S5, 17.4R2-S8, 17.4R3*, 18.1R3-S8*, 18.2R3, 18.3R3, 18.4R2, 19.1R1-S2, 19.1R2, 19.2R1, and all subsequent releases.\n*pending publication"
}
],
"source": {
"advisory": "JSA10961",
"defect": [
"1410401"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS: Session fixation vulnerability in J-Web",
"workarounds": [
{
"lang": "en",
"value": "Use access control lists or firewall filters to limit access to Junos J-Web interface to only trusted users and networks to reduce risks of exploitation of this vulnerability.\n\nUsing common BCPs of safe web browsing such as not clicking on links in email or other media would reduce risks of exploitation of this vulnerability.\n\nDisabling J-Web would completely prevent any exploitation of this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2019-10-09T16:00:00.000Z",
"ID": "CVE-2019-0062",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Session fixation vulnerability in J-Web"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "EX Series",
"version_affected": "\u003c",
"version_name": "12.3",
"version_value": "12.3R12-S15"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "12.3X48",
"version_value": "12.3X48-D85"
},
{
"version_affected": "\u003c",
"version_name": "14.1X53",
"version_value": "14.1X53-D51"
},
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1F6-S13, 15.1R7-S5"
},
{
"platform": "SRX Series",
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D180"
},
{
"version_affected": "\u003c",
"version_name": "15.1X53",
"version_value": "15.1X53-D238"
},
{
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R4-S13, 16.1R7-S5"
},
{
"version_affected": "\u003c",
"version_name": "16.2",
"version_value": "16.2R2-S10"
},
{
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R3-S1"
},
{
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R2-S8, 17.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S8, 17.4R3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S8"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R3"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S2, 19.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n system services web-management http\n system services web-management https"
}
],
"credit": [
{
"lang": "eng",
"value": "Farid Heydari"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A session fixation vulnerability in J-Web on Junos OS may allow an attacker to use social engineering techniques to fix and hijack a J-Web administrators web session and potentially gain administrative access to the device. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15 on EX Series; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1 versions prior to 15.1F6-S13, 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S5; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-384 Session Fixation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10961",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10961"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S15*, 12.3X48-D85, 14.1X53-D51, 15.1F6-S13, 15.1R7-S5, 15.1X49-D180, 15.1X53-D238, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S5, 17.4R2-S8, 17.4R3*, 18.1R3-S8*, 18.2R3, 18.3R3, 18.4R2, 19.1R1-S2, 19.1R2, 19.2R1, and all subsequent releases.\n*pending publication"
}
],
"source": {
"advisory": "JSA10961",
"defect": [
"1410401"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Use access control lists or firewall filters to limit access to Junos J-Web interface to only trusted users and networks to reduce risks of exploitation of this vulnerability.\n\nUsing common BCPs of safe web browsing such as not clicking on links in email or other media would reduce risks of exploitation of this vulnerability.\n\nDisabling J-Web would completely prevent any exploitation of this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2019-0062",
"datePublished": "2019-10-09T19:26:17.658Z",
"dateReserved": "2018-10-11T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:50:43.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17902 (GCVE-0-2018-17902)
Vulnerability from cvelistv5 – Published: 2018-10-12 14:00 – Updated: 2024-09-16 18:34- CWE-384 - SESSION FIXATION CWE-384
| URL | Tags |
|---|---|
| https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf | x_refsource_CONFIRM |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Yokogawa | STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500 |
Affected:
All versions R4.10 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
"vendor": "Yokogawa",
"versions": [
{
"status": "affected",
"version": "All versions R4.10 and prior"
}
]
}
],
"datePublic": "2018-09-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "SESSION FIXATION CWE-384",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T13:57:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-28T00:00:00",
"ID": "CVE-2018-17902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
"version": {
"version_data": [
{
"version_value": "All versions R4.10 and prior"
}
]
}
}
]
},
"vendor_name": "Yokogawa"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The application utilizes multiple methods of session management which could result in a denial of service to the remote management functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SESSION FIXATION CWE-384"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-17902",
"datePublished": "2018-10-12T14:00:00.000Z",
"dateReserved": "2018-10-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:34:00.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16495 (GCVE-0-2018-16495)
Vulnerability from cvelistv5 – Published: 2021-05-26 18:46 – Updated: 2024-08-05 10:24- CWE-384 - Session Fixation (CWE-384)
| URL | Tags |
|---|---|
| https://hackerone.com/reports/1168192 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1168192"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Versa VOS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "Session Fixation (CWE-384)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T18:46:08.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1168192"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-16495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Versa VOS",
"version": {
"version_data": [
{
"version_value": "Fixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Fixation (CWE-384)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/1168192",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1168192"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2018-16495",
"datePublished": "2021-05-26T18:46:08.000Z",
"dateReserved": "2018-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:24:32.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16463 (GCVE-0-2018-16463)
Vulnerability from cvelistv5 – Published: 2018-10-30 21:00 – Updated: 2024-08-05 10:24- CWE-384 - Session Fixation (CWE-384)
| URL | Tags |
|---|---|
| https://nextcloud.com/security/advisory/?id=NC-SA… | x_refsource_MISC |
| https://hackerone.com/reports/237184 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Nextcloud Server |
Affected:
<14.0.0, <13.0.3, <12.0.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-013"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/237184"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nextcloud Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "\u003c14.0.0, \u003c13.0.3, \u003c12.0.8"
}
]
}
],
"datePublic": "2018-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "Session Fixation (CWE-384)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-30T20:57:01.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-013"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/237184"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-16463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nextcloud Server",
"version": {
"version_data": [
{
"version_value": "\u003c14.0.0, \u003c13.0.3, \u003c12.0.8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Fixation (CWE-384)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-013",
"refsource": "MISC",
"url": "https://nextcloud.com/security/advisory/?id=NC-SA-2018-013"
},
{
"name": "https://hackerone.com/reports/237184",
"refsource": "MISC",
"url": "https://hackerone.com/reports/237184"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2018-16463",
"datePublished": "2018-10-30T21:00:00.000Z",
"dateReserved": "2018-09-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:24:32.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-13282 (GCVE-0-2018-13282)
Vulnerability from cvelistv5 – Published: 2018-10-31 16:00 – Updated: 2024-09-16 20:07- CWE-384 - Session Fixation (CWE-384)
| URL | Tags |
|---|---|
| https://www.synology.com/en-global/support/securi… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Synology | Photo Station |
Affected:
unspecified , < 6.8.7-3481
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:00:34.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/en-global/support/security/Synology_SA_18_37"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Photo Station",
"vendor": "Synology",
"versions": [
{
"lessThan": "6.8.7-3481",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "Session Fixation (CWE-384)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T15:57:01.000Z",
"orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"shortName": "synology"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/en-global/support/security/Synology_SA_18_37"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-13282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photo Station",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "6.8.7-3481"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Session Fixation (CWE-384)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Synology_SA_18_37",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_18_37"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01",
"assignerShortName": "synology",
"cveId": "CVE-2018-13282",
"datePublished": "2018-10-31T16:00:00.000Z",
"dateReserved": "2018-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:07:10.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Invalidate any existing session identifiers prior to authorizing a new user session.
Mitigation
For platforms such as ASP that do not generate new values for sessionid cookies, utilize a secondary cookie. In this approach, set a secondary cookie on the user's browser to a random value and set a session variable to the same value. If the session variable and the cookie value ever don't match, invalidate the session, and force the user to log on again.
Mitigation MIT-29
Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-196: Session Credential Falsification through Forging
An attacker creates a false but functional session credential in order to gain or usurp access to a service. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. If an attacker is able to forge valid session credentials they may be able to bypass authentication or piggy-back off some other authenticated user's session. This attack differs from Reuse of Session IDs and Session Sidejacking attacks in that in the latter attacks an attacker uses a previous or existing credential without modification while, in a forging attack, the attacker must create their own credential, although it may be based on previously observed credentials.
CAPEC-21: Exploitation of Trusted Identifiers
An adversary guesses, obtains, or "rides" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service.
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.
CAPEC-39: Manipulating Opaque Client-based Data Tokens
In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
CAPEC-60: Reusing Session IDs (aka Session Replay)
This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
CAPEC-61: Session Fixation
The attacker induces a client to establish a session with the target software using a session identifier provided by the attacker. Once the user successfully authenticates to the target software, the attacker uses the (now privileged) session identifier in their own transactions. This attack leverages the fact that the target software either relies on client-generated session identifiers or maintains the same session identifiers after privilege elevation.