Tendrl API CVE-2018-1127 Session Hijacking Vulnerability
BID:104126
Info
| Bugtraq ID: | 104126 |
| Class: | Design Error |
| CVE: | CVE-2018-1127 |
| Remote: | Yes |
| Local: | No |
| Published: | May 05 2018 12:00AM |
| Updated: | May 05 2018 12:00AM |
| Credit: | Filip Balák of Red Hat. |
| Vulnerable: | Tendrl API 1.2.3, Tendrl API 1.2.2, Tendrl API 1.2.1, Tendrl API 1.2, Tendrl API 1.1, Tendrl API 1.0 |
| Not Vulnerable: | |
Discussion
Tendrl API is prone to a session-hijacking vulnerability.
An attacker can leverage this issue to gain unauthorized access to the affected application.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Fix caching issues for user APIs (Tendrl API)
- Tendrl API CVE-2018-1127 Session Hijacking Vulnerability (Red Hat Bugzilla)
- Tendrl Home Page (Tendrl)
- Bug 1575835 - (CVE-2018-1127) CVE-2018-1127 tendrl-api: Improper cleanup of sess (Red Hat Bugzilla)