CVE Vulnerabilities

CVE-2007-2719

Improper Authentication

Published: May 16, 2007 | Modified: Oct 16, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 10 HIGH (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Systems_insight_manager | Hp | 4.2 (including) | 4.2 (including) |
| Systems_insight_manager | Hp | 5.0-sp4 (including) | 5.0-sp4 (including) |
| Systems_insight_manager | Hp | 5.0-sp5 (including) | 5.0-sp5 (including) |
