Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2001-1534

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.

Published

2001-12-31T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 2.1 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-384

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	http_server	≤ 1.3.20	Yes

References

http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html Broken Link ([email protected])
http://www.iss.net/security_center/static/7494.php Broken Link ([email protected])
http://www.securityfocus.com/bid/3521 Third Party Advisory, VDB Entry ([email protected])
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.iss.net/security_center/static/7494.php Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/3521 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)