Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by keplerproject
CVE-2014-10400 (GCVE-0-2014-10400)
Vulnerability from cvelistv5 – Published: 2020-02-06 15:26 – Updated: 2024-08-06 14:10
VLAI
EPSS
VEX
Summary
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2014/Apr/318 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/531981/100… | x_refsource_MISC |
| http://www.syhunt.com/en/index.php?n=Advisories.C… | x_refsource_MISC |
Date Public
2014-04-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:54.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-06T15:26:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2014/Apr/318",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"name": "http://www.securityfocus.com/archive/1/531981/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"name": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid",
"refsource": "MISC",
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-10400",
"datePublished": "2020-02-06T15:26:31.000Z",
"dateReserved": "2020-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:10:54.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-10399 (GCVE-0-2014-10399)
Vulnerability from cvelistv5 – Published: 2020-02-06 15:26 – Updated: 2024-08-06 14:10
VLAI
EPSS
VEX
Summary
The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2014/Apr/318 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/531981/100… | x_refsource_MISC |
| http://www.syhunt.com/en/index.php?n=Advisories.C… | x_refsource_MISC |
Date Public
2014-04-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:54.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-06T15:26:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2014/Apr/318",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"name": "http://www.securityfocus.com/archive/1/531981/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"name": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid",
"refsource": "MISC",
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-10399",
"datePublished": "2020-02-06T15:26:29.000Z",
"dateReserved": "2020-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:10:54.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2875 (GCVE-0-2014-2875)
Vulnerability from cvelistv5 – Published: 2020-02-06 15:26 – Updated: 2024-08-06 10:28
VLAI
EPSS
VEX
Summary
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2014/Apr/318 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/531981/100… | x_refsource_MISC |
| http://www.syhunt.com/en/index.php?n=Advisories.C… | x_refsource_MISC |
Date Public
2014-04-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-06T15:16:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2014/Apr/318",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"name": "http://www.securityfocus.com/archive/1/531981/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"name": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid",
"refsource": "MISC",
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2875",
"datePublished": "2020-02-06T15:26:27.000Z",
"dateReserved": "2014-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:28:46.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-10400 (GCVE-0-2014-10400)
Vulnerability from nvd – Published: 2020-02-06 15:26 – Updated: 2024-08-06 14:10
VLAI
EPSS
VEX
Summary
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2014/Apr/318 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/531981/100… | x_refsource_MISC |
| http://www.syhunt.com/en/index.php?n=Advisories.C… | x_refsource_MISC |
Date Public
2014-04-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:54.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-06T15:26:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2014/Apr/318",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"name": "http://www.securityfocus.com/archive/1/531981/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"name": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid",
"refsource": "MISC",
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-10400",
"datePublished": "2020-02-06T15:26:31.000Z",
"dateReserved": "2020-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:10:54.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-10399 (GCVE-0-2014-10399)
Vulnerability from nvd – Published: 2020-02-06 15:26 – Updated: 2024-08-06 14:10
VLAI
EPSS
VEX
Summary
The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2014/Apr/318 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/531981/100… | x_refsource_MISC |
| http://www.syhunt.com/en/index.php?n=Advisories.C… | x_refsource_MISC |
Date Public
2014-04-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:54.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-06T15:26:29.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2014/Apr/318",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"name": "http://www.securityfocus.com/archive/1/531981/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"name": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid",
"refsource": "MISC",
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-10399",
"datePublished": "2020-02-06T15:26:29.000Z",
"dateReserved": "2020-02-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:10:54.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2875 (GCVE-0-2014-2875)
Vulnerability from nvd – Published: 2020-02-06 15:26 – Updated: 2024-08-06 10:28
VLAI
EPSS
VEX
Summary
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2014/Apr/318 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/531981/100… | x_refsource_MISC |
| http://www.syhunt.com/en/index.php?n=Advisories.C… | x_refsource_MISC |
Date Public
2014-04-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-06T15:16:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2014/Apr/318",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2014/Apr/318"
},
{
"name": "http://www.securityfocus.com/archive/1/531981/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/531981/100/0/threaded"
},
{
"name": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid",
"refsource": "MISC",
"url": "http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionid"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2875",
"datePublished": "2020-02-06T15:26:27.000Z",
"dateReserved": "2014-04-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:28:46.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}