CVE-2001-1534Session Fixation in Apache Http Server

CWE-384Session Fixation6 documents6 sources
Severity
2.1LOWNVD
EPSS
0.1%
top 68.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Http Server
Timeline
PublishedDec 31
Latest updateApr 30

Description

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDapache/http_server1.3.111.3.20

🔴Vulnerability Details

3
GHSA
GHSA-gp27-vhqc-jqvp: mod_usertrack in Apache 12022-04-30
CVEList
CVE-2001-1534: mod_usertrack in Apache 12005-07-14
OSV
CVE-2001-1534: mod_usertrack in Apache 12001-12-31

📋Vendor Advisories

2
Debian
CVE-2001-1534: apache2 - mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predi...2001
Red Hat
CVE-2001-1534: mod_usertrack in Apache 1
CVE-2001-1534 — Session Fixation in Apache Http Server | cvebase