CVE-2010-0217

Published: May 20, 2011

Modified: Aug 7, 2024

PUBLISHED

Description

Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20110517 CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://www.packetninjas.net/storage/advisories/Zeacom-CVE-2010-0217.txt

x_refsource_MISC

8255

third-party-advisory

x_refsource_SREASON

47910

vdb-entry

x_refsource_BID

chat-server-jsessionid-session-hijacking(67540)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2010-0217

Description

Affected Products

References