Description

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.

Remediation

References

CVE-2001-1534

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20279)

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-5320)

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2938)

WordPress Plugin Easy Appointments Cross-Site Scripting (3.11.0)

WordPress Plugin Smash Balloon Social Post Feed Cross-Site Scripting (4.1)

Severity

Low

Classification

CVE-2001-1534 CWE-384

Tags

Missing Update Known Vulnerabilities