Vulnerability Description
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Websphere Application Server | <= 3.5.3 |
| Ibm | Websphere Commerce Suite | 3.1.2 |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
- http://www.osvdb.org/5492
- http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7153
- http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
- http://www.osvdb.org/5492
- http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7153
FAQ
What is CVE-2001-0962?
CVE-2001-0962 is a vulnerability with a CVSS score of 7.5 (HIGH). IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
How severe is CVE-2001-0962?
CVE-2001-0962 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0962?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Websphere Application Server, Ibm Websphere Commerce Suite.