CVE-2015-2913
N/A
N/A
Summary
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.kb.cert.org/vuls/id/845332
- https://github.com/orientechnologies/orientdb/commit/668ece96be210e742a4e2820a3085b215cf55104
References
- https://www.kb.cert.org/vuls/id/845332
- https://github.com/orientechnologies/orientdb/commit/668ece96be210e742a4e2820a3085b215cf55104
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.