Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown
CVE-2014-2875
Disclosure Date: February 06, 2020 (last updated February 21, 2025)
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.
0
Attacker Value
Unknown
CVE-2014-10400
Disclosure Date: February 06, 2020 (last updated February 21, 2025)
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.
0
Attacker Value
Unknown
CVE-2014-10399
Disclosure Date: February 06, 2020 (last updated February 21, 2025)
The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.
0