Summary
This host is running Novell eDirectory, which is prone to a session cookie hijack vulnerability.
Impact
Successful exploitation will allow remote attackers to hijack arbitrary sessions.
Impact Level: Application.
Solution
Apply the vendor-provided patch. For more information, refer to http://www.novell.com/support/kb/doc.php?id=3426981
*****
NOTE: Ignore this warning if the above-mentioned versions of modules are already installed.
*****
Insight
The flaw is due to an error in the 'DHOST' module when handling DHOST web services. An attacker would wait until the real administrator logs in, then specify the predicted cookie value to hijack their session.
Affected
Novell eDirectory version 8.8.5 and prior.
References
Severity
Classification
- CVE: CVE-2009-4655
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P