Vulnerability Details : CVE-2014-1219
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
Vulnerability category: Input validation
Products affected by CVE-2014-1219
- cpe:2.3:a:broadcom:2e_web_option:r8.1.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1219
- EPSS score: 6.47% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 94 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-1219
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P | 4.9 | 6.4 | NIST | |
CWE ids for CVE-2014-1219
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1219
- http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/ (CVE-2014-1219 - Portcullis)
- http://www.securityfocus.com/bid/65537 (2E Web Option Predictable Session Token Authentication Bypass Vulnerability)