Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-4655

CWE-3104 documents4 sources

Severity

7.5HIGH

EPSS

60.3%

top 1.72%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Novell Edirectory

Timeline

PublishedFeb 26

Latest updateMay 2

Description

The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDnovell/edirectory8.8.5

🔴Vulnerability Details

GHSA

GHSA-g533-rphg-9fjx: The dhost web service in Novell eDirectory 8↗2022-05-02

▶

CVEList

CVE-2009-4655: The dhost web service in Novell eDirectory 8↗2010-02-26

▶

💥Exploits & PoCs

Exploit-DB

Novell eDirectory 8.8.5 - DHost Weak Session Cookie Session Hijacking (Metasploit)↗2010-03-14

▶