CVE-2001-1534

Published Dec 31, 2001

Last updated 3 years ago

Overview

Description: mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-384

Vendor comments

Red HatThis is not a security issue. The mod_usertrack cookies are not designed to be used for authentication.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D967723E-8D18-4C07-BA5C-D484E68DCB11",
            "versionEndIncluding": "1.3.20",
            "versionStartIncluding": "1.3.11"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Vendor comments

Configurations

References