The J2EE application is configured to use an insufficient session ID length.

Related CAPEC definitions

An adversary guesses, obtains, or "rides" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service.
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!