CVE-2014-9386
Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691.
| Software | From | Fixed in |
|---|---|---|
| zenoss / zenoss_core | 3.0.2 | 3.0.2.x |
| zenoss / zenoss_core | 2.4.0 | 2.4.0.x |
| zenoss / zenoss_core | 3.1.0 | 3.1.0.x |
| zenoss / zenoss_core | 2.5.2 | 2.5.2.x |
| zenoss / zenoss_core | 3.2.1 | 3.2.1.x |
| zenoss / zenoss_core | 4.2.4 | 4.2.4.x |
| zenoss / zenoss_core | 2.4.5 | 2.4.5.x |
| zenoss / zenoss_core | 2.5.0 | 2.5.0.x |
| zenoss / zenoss_core | 2.5.1 | 2.5.1.x |
| zenoss / zenoss_core | 3.2.0 | 3.2.0.x |
| zenoss / zenoss_core | 4.2.3 | 4.2.3.x |
| zenoss / zenoss_core | 3.0.0 | 3.0.0.x |
| zenoss / zenoss_core | 3.0.1 | 3.0.1.x |
| zenoss / zenoss_core | - | 4.2.5.x |
| zenoss / zenoss_core | 4.2.0 | 4.2.0.x |
| zenoss / zenoss_core | 3.0.3 | 3.0.3.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime