Showing 1 - 1 of 1

CVE-2014-2875

Status Candidate

Overview

The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.

Related Files

CGILua 5.x Predictable Session Identifier: Posted May 1, 2014; Authored by Felipe Daragon | Site syhunt.com; A vulnerability in the session library that ships with CGILua since version 5.0 beta may allow remote attackers to easily and quickly guess valid session IDs generated by a Lua web application and perform session hijacking.; tags | advisory, remote, web; advisories | CVE-2014-2875; SHA-256 | d47d6ee8b23d4dfc00517ad05df39563c3ec959859f6a90ece46d4098f19ee5c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 251 files
indoushka 155 files
Ubuntu 91 files
Gentoo 32 files
Debian 21 files
LiquidWorm 14 files
Apple 11 files
malvuln 8 files
Google Security Research 7 files
verylazytech 4 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,140)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,531)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,026)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,914)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

CVE-2014-2875

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems