CVE-2001-0962

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p
http://www.osvdb.org/5492
http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7153

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:websphere_commerce_suite:3.2:::::::*
	cpe:2.3:a:ibm:websphere_application_server::::::::
	cpe:2.3:a:ibm:websphere_commerce_suite:3.1.2:::::::*

Information

Published : 2001-09-18 21:00

Updated : 2017-10-09 18:29

NVD link : CVE-2001-0962

Mitre link : CVE-2001-0962

JSON object : View

CWE

NVD-CWE-Other

Products Affected

ibm

websphere_application_server
websphere_commerce_suite

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p", "name": "http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/5492", "name": "5492", "tags": [], "refsource": "OSVDB"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html", "name": "20010928 Re: Websphere cookie/sessionid predictable", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7153", "name": "ibm-websphere-seq-predict(7153)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-0962", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2001-09-19T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:websphere_commerce_suite:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.5.3"}, {"cpe23Uri": "cpe:2.3:a:ibm:websphere_commerce_suite:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-10T01:29Z"}

7.5 /10