CVE-2001-0962

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Commerce Suite; Websphere Application Server
Vendor: CVE Published:; 19 September 2001

Summary

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.

References

http://archives.neohapsis.com/archives/bugtraq/2001-09/02...

mailing-listx_refsource_BUGTRAQ

http://archives.neohapsis.com/archives/bugtraq/2001-09/02...

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/7153

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
Jan 31, 2002
Vulnerability published
Sep 19, 2001