CVE-2009-1629

Publication date

2009-05-14 17:00:00

Family

mitre

State

PUBLISHED

Description

ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.