CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
References
Configurations
History
07 Apr 2021, 17:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:broadcom:2e_web_option:r8.1.2:*:*:*:*:*:*:* |
Information
Published : 2014-02-14 13:10
Updated : 2023-12-10 11:31
NVD link : CVE-2014-1219
Mitre link : CVE-2014-1219
CVE.ORG link : CVE-2014-1219
JSON object : View
Products Affected
broadcom
- 2e_web_option
CWE
CWE-20
Improper Input Validation