5.8
CVE-2007-5154
- EPSS 0.82%
- Veröffentlicht 01.10.2007 05:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:33
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSession fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.82% | 0.525 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
http://jvn.jp/jp/JVN%2370075625/index.html
http://osvdb.org/41380
http://secunia.com/advisories/27004
http://www.securityfocus.com/bid/25843
https://exchange.xforce.ibmcloud.com/vulnerabilities/36850