Home  >  CVE-2014-9386
CVE Details for CVE: CVE-2014-9386
Summary
Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691.
Timestamps
Last major update 21-03-2016 - 16:17
Published 15-12-2014 - 18:59
Last modified 21-03-2016 - 16:17
References
Vulnerable Configurations
  • cpe:2.3:a:zenoss:zenoss_core:-:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:-:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:4.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:4.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:4.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:4.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:4.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:4.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zenoss:zenoss_core:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:zenoss:zenoss_core:3.0.2:*:*:*:*:*:*:*
CAPEC
Click the CAPEC title to display a description
CWE
NVD-CWE-Other
CVSS
Base
6.8
Impact
6.4
Exploitability
8.6
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
CVSS3
None
VIA4 references
cvss-vector via4
AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
cert-vn VU#449452
confirm https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing
statements via4
contributor Zenoss
lastmodified 2016-03-21
organization Zenoss
statement Addressed in versions 5.0, 4.2.5.SP273, and 4.2.4.SP854