CVE-2009-4655

Currently unrated

Key Information:

Vendor: Novell
Status: Edirectory
Vendor: CVE Published:; 26 February 2010

Summary

The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.

References

http://www.metasploit.com/modules/auxiliary/admin/edirect...

x_refsource_MISC

http://osvdb.org/60035

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/56613

vdb-entryx_refsource_XF

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 26, 2010
Vulnerability Reserved
Feb 26, 2010

Collectors

NVD DatabaseMitre Database