[Japanese]

JVNDB-2009-000035

Predictable session ID vulnerability in Serene Bach

Overview

Serene Bach from SerendipityNZ Limited contains a vulnerability in which it generates predictable session ID's.

Serene Bach from SerendipityNZ Limited is a weblog management system. Serene Bach contains a vulnerability in which it generates predictable session ID's.
CVSS Severity (What is CVSS?)

Base Metrics: 5.1 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products


SerendipityNZ Limited
  • Serene Bach 2.20R and earlier
  • Serene Bach 3.00 beta023 and earlier

Impact

A remote attacker could impersonate an administrator of Serene Bach. As a result, an attacker could obtain or alter information stored in Serene Bach.
Solution

[Update the Software]
Update to the latest version according to the information provided by the vendor.
Vendor Information

SerendipityNZ Limited
CWE (What is CWE?)

  1. Improper Authentication(CWE-287) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2009-2165
References

  1. JVN : JVN#20689557
  2. National Vulnerability Database (NVD) : CVE-2009-2165
  3. Secunia Advisory : SA35335
  4. SecurityFocus : 35254
Revision History

[2009/06/18]
  Web page published