CVE-2011-2401 - OpenCVE

Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:C/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Sitescope

Configuration 1 [-]

OR	cpe:2.3:a:hp:sitescope:9.0:::::::*
	cpe:2.3:a:hp:sitescope:9.54:::::::*
	cpe:2.3:a:hp:sitescope:10.00:::::::*
	cpe:2.3:a:hp:sitescope:10.13:::::::*
	cpe:2.3:a:hp:sitescope:11.01:::::::*
	cpe:2.3:a:hp:sitescope:11.1:::::::*

No data.

References

Link	Providers
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969
http://osvdb.org/74114
http://secunia.com/advisories/45440
http://securitytracker.com/id?1025856
http://www.securityfocus.com/bid/48916
https://exchange.xforce.ibmcloud.com/vulnerabilities/68868

History

No history.

MITRE

Status: PUBLISHED

Assigner: hp

Published: 2011-07-29T20:00:00

Updated: 2024-08-06T23:00:33.614Z

Reserved: 2011-06-06T00:00:00

Link: CVE-2011-2401

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-07-29T20:55:01.173

Modified: 2017-08-29T01:29:24.660

Link: CVE-2011-2401

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-07-27T00:00:00", "descriptions": [{"lang": "en", "value": "Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"name": "HPSBMU02692", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969"}, {"name": "SSRT100581", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969"}, {"name": "74114", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/74114"}, {"name": "48916", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48916"}, {"name": "sitescope-sessions-session-hijacking(68868)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68868"}, {"name": "45440", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45440"}, {"name": "1025856", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1025856"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2011-2401", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "HPSBMU02692", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969"}, {"name": "SSRT100581", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969"}, {"name": "74114", "refsource": "OSVDB", "url": "http://osvdb.org/74114"}, {"name": "48916", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48916"}, {"name": "sitescope-sessions-session-hijacking(68868)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68868"}, {"name": "45440", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45440"}, {"name": "1025856", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025856"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:00:33.614Z"}, "title": "CVE Program Container", "references": [{"name": "HPSBMU02692", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969"}, {"name": "SSRT100581", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969"}, {"name": "74114", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/74114"}, {"name": "48916", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48916"}, {"name": "sitescope-sessions-session-hijacking(68868)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68868"}, {"name": "45440", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45440"}, {"name": "1025856", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1025856"}]}]}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2011-2401", "datePublished": "2011-07-29T20:00:00", "dateReserved": "2011-06-06T00:00:00", "dateUpdated": "2024-08-06T23:00:33.614Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:sitescope:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC27BE3-016D-464C-AD53-06EE4D7BCD60", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:9.54:*:*:*:*:*:*:*", "matchCriteriaId": "FDBB474E-FE3F-489F-8119-56F68C3E0242", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:10.00:*:*:*:*:*:*:*", "matchCriteriaId": "58ECC901-5DE4-4C0E-8B0C-B2EF164C0102", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:10.13:*:*:*:*:*:*:*", "matchCriteriaId": "C62A1094-99FA-4730-9550-133D3C428A7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:11.01:*:*:*:*:*:*:*", "matchCriteriaId": "814ADE5D-DCCD-4C68-BB3D-32828547C361", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:sitescope:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7C7FCC3-5C45-4A94-AA8D-17C484325255", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en HP SiteScope v9.x, v10.x y v11.x permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de vectores no especificados."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html\r\n'CWE-384: Session Fixation'", "id": "CVE-2011-2401", "lastModified": "2017-08-29T01:29:24.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:C/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-07-29T20:55:01.173", "references": [{"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02940969"}, {"source": "hp-security-alert@hp.com", "url": "http://osvdb.org/74114"}, {"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/45440"}, {"source": "hp-security-alert@hp.com", "url": "http://securitytracker.com/id?1025856"}, {"source": "hp-security-alert@hp.com", "url": "http://www.securityfocus.com/bid/48916"}, {"source": "hp-security-alert@hp.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68868"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}