Vulnerability Description
futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Futomi | Access Analyzer Cgi | <= 4.0.1 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN07468800/index.html
- http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000083.html
- http://www.futomi.com/library/info/2008/20081212.html (Vendor Advisory)
- http://www.securityfocus.com/bid/32794
FAQ
What is CVE-2008-5809?
CVE-2008-5809 is a vulnerability with a CVSS score of 5.8 (MEDIUM). futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijac...
How severe is CVE-2008-5809?
CVE-2008-5809 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-5809?
Check the references section above for vendor advisories and patch information. Affected products include: Futomi Access Analyzer Cgi.