Vulnerability Description
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | >= 1.3.11, <= 1.3.20 |
Related Weaknesses (CWE)
References
- http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.htmlBroken Link
- http://www.iss.net/security_center/static/7494.phpBroken Link
- http://www.securityfocus.com/bid/3521Third Party AdvisoryVDB Entry
- http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.htmlBroken Link
- http://www.iss.net/security_center/static/7494.phpBroken Link
- http://www.securityfocus.com/bid/3521Third Party AdvisoryVDB Entry
FAQ
What is CVE-2001-1534?
CVE-2001-1534 is a vulnerability with a CVSS score of 2.1 (LOW). mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain sess...
How severe is CVE-2001-1534?
CVE-2001-1534 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1534?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.