Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Managed_file_transfer_command_center | Tibco | * | 7.1.0 (including) |
| Managed_file_transfer_command_center | Tibco | 6.7 (including) | 6.7 (including) |
| Managed_file_transfer_command_center | Tibco | 7.0 (including) | 7.0 (including) |
| Managed_file_transfer_command_center | Tibco | 7.0.1 (including) | 7.0.1 (including) |
| Managed_file_transfer_internet_server | Tibco | * | 7.1.0 (including) |
| Managed_file_transfer_internet_server | Tibco | 6.7 (including) | 6.7 (including) |
| Managed_file_transfer_internet_server | Tibco | 7.0 (including) | 7.0 (including) |
| Managed_file_transfer_internet_server | Tibco | 7.0.1 (including) | 7.0.1 (including) |
| Slingshot | Tibco | * | 1.8.0 (including) |
References
- http://secunia.com/advisories/45976
- http://securitytracker.com/id?1026051
- http://www.osvdb.org/75397
- http://www.securityfocus.com/bid/49619
- http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt
- http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69805
- http://secunia.com/advisories/45976
- http://securitytracker.com/id?1026051
- http://www.osvdb.org/75397
- http://www.securityfocus.com/bid/49619
- http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt
- http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69805