Lucene search
HistoryJan 25, 2006 - 11:03 a.m.
CVE-2006-0411
cve-2006-0411
claroline
session hijacking
vulnerability
nvd
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7 High
AI Score
Confidence
Low
0.016 Low
EPSS
Percentile
87.4%
claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.
Affected configurations
Node
clarolineclarolineMatch1.7.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| claroline:claroline | claroline | eq | 1.7.2 |
Related
nvd
nvd
CVE-2006-0411
2006-01-25 11:03:00
prion
prion
Session fixation
2006-01-25 11:03:00
cvelist
cvelist
CVE-2006-0411
2006-01-25 11:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
7 High
AI Score
Confidence
Low
0.016 Low
EPSS
Percentile
87.4%
Related for CVE-2006-0411