CVE-2009-1629

Published: 14/05/2009 Updated: 10/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

ajaxterm.js in AjaxTerm 0.10 and previous versions generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote malicious users to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.

Vulnerable Product

antony lesuisse ajaxterm

antony lesuisse ajaxterm 0.7

antony lesuisse ajaxterm 0.6

antony lesuisse ajaxterm 0.8

antony lesuisse ajaxterm 0.9

Vendor Advisories

Debian Bug report logs - #528938: CVE-2009-1629: generates session IDs with predictable random numbers. Package: ajaxterm; Maintainer for ajaxterm is Debian QA Group <packages@qa.debian.org>; Source for ajaxterm is src:ajaxterm. Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>. Date: Sat, 16 Ma ...

It was discovered that Ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses Ajaxterm. For the oldstable distribution (etch), the problem has been fixed in version 0.9-2+etch1. For the stable distribution (lenny), the problem has ...