CVE-2010-2270

Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable httpmod-sessionid cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.

Published: Jun 15, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-2270
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
accoria / rock_web_server	1.4.7	1.4.7.x

http://www.ioactive.com/pdfs/AccoriaWebServer.pdf
http://www.kb.cert.org/vuls/id/245081

Vulnerability Database

290,301

CVE-2010-2270