Vulnerability Description
Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack.
CVSS Score
4.6
MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Source Development Network | Slashcode | 2.0 |
References
- http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
- http://www.iss.net/security_center/static/7493.php
- http://www.securityfocus.com/bid/3519
- http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
- http://www.iss.net/security_center/static/7493.php
- http://www.securityfocus.com/bid/3519
FAQ
What is CVE-2001-1535?
CVE-2001-1535 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack.
How severe is CVE-2001-1535?
CVE-2001-1535 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1535?
Check the references section above for vendor advisories and patch information. Affected products include: Open Source Development Network Slashcode.