QwikSec

Security Database

CVE

CWE

Training

CVE-2014-1219

Published: Feb 13, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.