Zenoss Core prior to 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote malicious users to hijack sessions by leveraging an unattended workstation, aka ZEN-12691.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
zenoss zenoss core |
||
zenoss zenoss core 3.0.1 |
||
zenoss zenoss core 3.0.3 |
||
zenoss zenoss core 2.4.5 |
||
zenoss zenoss core 2.5.0 |
||
zenoss zenoss core 2.5.1 |
||
zenoss zenoss core 2.5.2 |
||
zenoss zenoss core 3.1.0 |
||
zenoss zenoss core 3.2.0 |
||
zenoss zenoss core 3.2.1 |
||
zenoss zenoss core 4.2.0 |
||
zenoss zenoss core 4.2.3 |
||
zenoss zenoss core 2.4.0 |
||
zenoss zenoss core 3.0.0 |
||
zenoss zenoss core 3.0.2 |
||
zenoss zenoss core 4.2.4 |
Vulmon