CVE-2015-2913

by Fred · 30/12/2015

server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.

Date published : 2015-12-30

https://www.kb.cert.org/vuls/id/845332

https://github.com/orientechnologies/orientdb/commit/668ece96be210e742a4e2820a3085b215cf55104

CVE-2015-2913

Related

Recent Posts

Categories

Latest CWE

CVE-2015-2913

Share this:

Related

Recent Posts

Categories

Tags

Latest CWE