Vulnerability Details : CVE-2009-4655
Public exploit exists!
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
Products affected by CVE-2009-4655
- cpe:2.3:a:novell:edirectory:8.8.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-4655
- 60.34%: Probability of exploitation activity in the next 30 days
- ~ 98 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2009-4655
- Novell eDirectory DHOST Predictable Session Cookie
  First seen: 2020-04-26
  auxiliary/admin/edirectory/edirectory_dhost_cookie
  This module is able to predict the next session cookie value issued by the DHOST web service of Novell eDirectory 8.8.5. An attacker can run this module, wait until the real administrator logs in, then specify the predicted cookie value to hijack their session. Auth
CVSS scores for CVE-2009-4655
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2009-4655
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-4655
- http://www.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb (Exploit)
- http://osvdb.org/60035
- http://www.metasploit.com/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56613