BIG-IP Predictable Session Cookie Generation Weakness
BID:68792
Info
BIG-IP Predictable Session Cookie Generation Weakness
| Bugtraq ID: | 68792 |
| Class: | Design Error |
| CVE: |
CVE-2013-7408 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 22 2014 12:00AM |
| Updated: | Apr 13 2015 09:01PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
F5 BIG-IP Analytics 11.3 F5 BIG-IP Analytics 11.2.1 HF3 F5 BIG-IP Analytics 11.2.1 F5 BIG-IP Analytics 11.2 HF3 F5 BIG-IP Analytics 11.2 F5 BIG-IP Analytics 11.3.0 HF4 F5 BIG-IP Analytics 11.2.1 HF5 F5 BIG-IP Analytics 11.2.1 HF2 F5 BIG-IP Analytics 11.2.1 HF1 F5 BIG-IP Analytics 11.2.0 HF5 F5 BIG-IP Analytics 11.2.0 HF2 F5 BIG-IP Analytics 11.1.0 HF7 F5 BIG-IP Analytics 11.1.0 F5 BIG-IP Analytics 11.0.0-HF2 F5 BIG-IP Analytics 11.0.0 |
| Not Vulnerable: |
F5 BIG-IP Analytics 11.5.1 F5 BIG-IP Analytics 11.5 F5 BIG-IP Analytics 11.4.1 |
Discussion
BIG-IP Predictable Session Cookie Generation Weakness
BIG-IP Analytics is prone to a predictable session cookie generation weakness.
An attacker can exploit this issue to gain access to the affected application.
BIG-IP Analytics 11.0.0 through 11.3.0 are affected.
BIG-IP Analytics is prone to a predictable session cookie generation weakness.
An attacker can exploit this issue to gain access to the affected application.
BIG-IP Analytics 11.0.0 through 11.3.0 are affected.
Exploit / POC
BIG-IP Predictable Session Cookie Generation Weakness
Attackers can exploit this issue via a browser.
Attackers can exploit this issue via a browser.