CVE-2014-10400
Last modified
CVE-2014-10400 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.. EPSS estimates a 1.25% chance of exploitation in the next 30 days.
Description
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Keplerproject | Cgilua | >= 5.0.0, <= 5.0.1 | — |
| Keplerproject | Cgilua | >= 5.1.0, <= 5.1.4 | — |
| Keplerproject | Cgilua | 5.2 | Alpha1 |
References
- http://seclists.org/fulldisclosure/2014/Apr/318Mailing List, Third Party Advisory
- http://www.securityfocus.com/archive/1/531981/100/0/threadedThird Party Advisory, VDB Entry
- http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionidThird Party Advisory
- http://seclists.org/fulldisclosure/2014/Apr/318Mailing List, Third Party Advisory
- http://www.securityfocus.com/archive/1/531981/100/0/threadedThird Party Advisory, VDB Entry
- http://www.syhunt.com/en/index.php?n=Advisories.Cgilua-weaksessionidThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-10400?
How severe is CVE-2014-10400?
How do I fix CVE-2014-10400?
Are you affected by CVE-2014-10400?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST