CVE-2014-10399

Medium

The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions.…

mitre·CWE-384·Published 2020-02-06

CVSS

6.1

EPSS

0.01

KEV

Exploits

cve.orgen

189 chars

The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.

NVDen

189 chars

The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.

La biblioteca session.lua en CGILua versiones 5.1.x usa el mismo ID para cada sesión, lo que permite a atacantes remotos secuestrar sesiones arbitrarias. NOTA: esta vulnerabilidad fue SEPARADA de CVE-2014-2875.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N