futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2009-01-02 10:11
Updated : 2009-02-25 23:05
NVD link : CVE-2008-5809
Mitre link : CVE-2008-5809
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
futomi
- access_analyzer_cgi