Predictable Session IDs in IBM WebSphere Application Server
CVE-2001-0962

Currently unrated

Key Information:

Vendor: IBM
CVE Published: 19 September 2001

Summary

IBM WebSphere Application Server versions 3.02 to 3.53 use predictable session IDs in cookies. Remote attackers can exploit this design flaw to guess session IDs by brute force, potentially allowing them to assume the identities of legitimate users and gain unauthorized privileges within the application.
