Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack.
References
Configurations
History
No history.
Information
Published : 2011-05-20 22:55
Updated : 2018-10-10 19:51
NVD link : CVE-2010-0217
Mitre link : CVE-2010-0217
CVE.ORG link : CVE-2010-0217
JSON object : View
Products Affected
zeacom
- chat_server
CWE
CWE-310
Cryptographic Issues