[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256610

 
 

909

 
 

199263

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-4099Date: (C)2006-11-29   (M)2023-12-22


Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-21350
SECUNIA-23137
ADV-2006-4748
crystalreports-wcsid-session-hijacking(30568)
http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf
http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf
http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf

CPE    2
cpe:/a:businessobjects:crystal_enterprise:10
cpe:/a:businessobjects:crystal_enterprise:9

© SecPod Technologies