← back
CVE-2014-1219

CVE-2014-1219

EPSS 4.6%
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/31647unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/http://www.securityfocus.com/bid/65537