Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name	HTTP:CA-SSNID-PE
Severity	Major
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	CA 2E Web Option Unauthenticated Privilege Escalation
Release Date	2017/04/17
Update Number	2868
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: CA 2E Web Option Unauthenticated Privilege Escalation

There exists a vulnerability in CA 2E Web Option. Successful Exploitation can lead to unauthenticated privilege escalation via a predictable session token.

Extended Description

CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.

Affected Products

Ca 2e_web_option r8.1.2

References

CVE: CVE-2014-1219

Signature Detail

This site is deprecated. Please CLICK HERE for latest updates

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: CA 2E Web Option Unauthenticated Privilege Escalation

Extended Description

Affected Products

References