CVE-2015-0544
Summary
| CVE | CVE-2015-0544 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-07-05 10:59:00 UTC |
| Updated | 2016-12-28 02:59:00 UTC |
| Description | EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Emc | Secure Remote Services | 3.02 | All | All | All |
| Application | Emc | Secure Remote Services | 3.03 | All | All | All |
| Application | Emc | Secure Remote Services | 3.04 | All | All | All |
| Application | Emc | Secure Remote Services | 3.02 | All | All | All |
| Application | Emc | Secure Remote Services | 3.03 | All | All | All |
| Application | Emc | Secure Remote Services | 3.04 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bugtraq: ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities | BUGTRAQ | seclists.org | |
| EMC Secure Remote Services Virtual Edition Certificate Validation and Session Cookie Randomization Flaws Let Remote Users Spoof Systems and Gain Full Control of the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.