Zeacom Chat Server prior to 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote malicious users to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zeacom chat server |