Vulnerability Description
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
CVSS Score
6.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Antony Lesuisse | Ajaxterm | <= 0.10 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052655.h
- http://secunia.com/advisories/42784
- http://www.ocert.org/advisories/ocert-2009-004.html (Exploit)
- http://www.openwall.com/lists/oss-security/2009/05/11/1 (Exploit)
- http://www.securityfocus.com/archive/1/503421/100/0/threaded
- http://www.securityfocus.com/bid/34903
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50464
FAQ
What is CVE-2009-1629?
CVE-2009-1629 is a vulnerability with a CVSS score of 6.8 (MEDIUM). ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
How severe is CVE-2009-1629?
CVE-2009-1629 has been rated MEDIUM with a CVSS base score of 6.8/10. The practical impact is session hijacking of an active terminal session (which gives the attacker the shell behind it) or denial of service by exhausting the small session ID space.
Is there a patch for CVE-2009-1629?
Check the references section above for vendor advisories and patch information; the oCERT advisory (ocert-2009-004) and the Fedora package announcement listed there cover the fix and updated packages. Affected products include: Antony Lesuisse Ajaxterm, versions 0.10 and earlier.