Cookie Handling Vulnerability in Novell eDirectory
CVE-2016-5747

7.5HIGH

Key Information:

Vendor: Novell
Status: Novell Edirectory
Vendor: CVE Published:; 23 March 2017

What is CVE-2016-5747?

A vulnerability in the cookie handling process within the HTTP stack of Novell eDirectory allows attackers to circumvent intended access controls. This is achieved by exploiting predictable cookie values that can be manipulated for unauthorized access. Affected versions prior to 9.0.1 are susceptible, which may expose sensitive information or enable attackers to perform actions without proper authentication.

Affected Version(s)

Novell eDirectory Novell eDirectory

References

https://www.novell.com/support/kb/doc.php?id=7016794

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2017
Vulnerability Reserved
Jun 23, 2016