6.8

CVE-2009-1629

Exploit

EPSS 0.99%
Published 14.05.2009 17:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Antony Lesuisse ≫ Ajaxterm Version <= 0.10

Antony Lesuisse ≫ Ajaxterm Version0.6

Antony Lesuisse ≫ Ajaxterm Version0.7

Antony Lesuisse ≫ Ajaxterm Version0.8

Antony Lesuisse ≫ Ajaxterm Version0.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.99%	0.756

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052655.html

http://secunia.com/advisories/42784

http://www.ocert.org/advisories/ocert-2009-004.html

Exploit

http://www.openwall.com/lists/oss-security/2009/05/11/1

Exploit

http://www.securityfocus.com/archive/1/503421/100/0/threaded

http://www.securityfocus.com/bid/34903

https://exchange.xforce.ibmcloud.com/vulnerabilities/50464

https://nvd.nist.gov/vuln/detail/CVE-2009-1629

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1629

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1629

EUVD