Lucene search

MitreCVE-2016-10205

HistoryMar 03, 2017 - 3:59 p.m.

CVE-2016-10205

2017-03-0315:59:00

CWE-384

mitre

web.nvd.nist.gov

cve

2016

10205

session fixation

zoneminder

vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.5

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.

Affected configurations

Nvd

Node

zoneminderzoneminderRange≤1.30.0

VendorProductVersionCPE
zoneminderzoneminder*cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
zoneminder	zoneminder	*	cpe:2.3:a:zoneminder:zoneminder::::::::

References

www.openwall.com/lists/oss-security/2017/02/05/1

www.securityfocus.com/bid/97116

www.foxmole.com/advisories/foxmole-2016-07-05.txt

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.5

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

Related for CVE-2016-10205