Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-613

CWE-613

Insufficient Session Expiration

Parent: CWE-672 - Operation on a Resource after Expiration or Release

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

533 vulnerabilities with CWE-613

CVE-2018-14345 HIGH

SDDM <0.17.0 - Privilege Escalation

CVE-2018-11386 MEDIUM

Symfony HttpFoundation 2.7.0-2.7.47 - Denial of Service via PDOSessionHandler

CVE-2018-10990 HIGH

Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 - Insufficient Session Expiration

CVE-2018-7758 MEDIUM

Schneider Electric's MiCOM Px4x - DoS

CVE-2018-0152 HIGH

Cisco IOS XE - Insufficient Session Expiration in Web UI

CVE-2018-5438 MEDIUM

Philips ISCV <2.3.0 - Privilege Escalation

CVE-2018-1195 HIGH

Cloud Controller <1.46.0 - Auth Bypass

CVE-2017-18905 MEDIUM

Mattermost Server <4.0.0-3.9.2 - Info Disclosure

CVE-2017-3966 MEDIUM

McAfee Network Security Manager < 8.2.7.42.2 - Session Fixation via Exposed Session Token

CVE-2017-12191 HIGH

Red Hat CloudForms - Improper Access Control via VMware Shared Account

CVE-2017-15653 HIGH

Asus asuswrt <= 3.0.0.4.380.7743 - Unauthenticated Session Hijacking via User-Agent String

CVE-2017-1693 MEDIUM

IBM Integration Bus <10.0 - Session Hijacking

CVE-2017-1000136 MEDIUM

Mahara <1.8.6, <1.9.4, <1.10.1, <15.04.0 - Info Disclosure

CVE-2017-1000135 MEDIUM

Mahara <1.8.7, <1.9.5, <1.10.3, <15.04.0 - Privilege Escalation

CVE-2017-1000131 MEDIUM

Mahara <15.04.8, 15.10 <15.10.4, 16.04 <16.04.2 - Info Disclosure

CVE-2017-12159 HIGH

Keycloak - Cross-Site Request Forgery

CVE-2017-6145 HIGH

F5 BIG-IP 12.0.0-12.1.2 and 13.0.0 - Insufficient Session Expiration via iControl REST Cookie Conversion

CVE-2017-14007 MEDIUM

ProMinent MultiFLEX M10a - Info Disclosure

CVE-2017-12867 MEDIUM

SimpleSAMLphp < 1.14.14 - Insufficient Session Expiration via Time Offset Manipulation

CVE-2017-11667 HIGH

OpenProject <6.1.6 & <7.0.3 - Info Disclosure

CVE-2017-3215 MEDIUM

Milwaukee ONE-KEY - Insufficient Session Expiration

CVE-2017-6529 HIGH

dnaTools dnaLIMS 4-2015s13 - Session Hijacking via UID Parameter Guessing

CVE-2016-20007 HIGH

REST/JSON project 7.x-1.x - Info Disclosure

CVE-2016-11058 HIGH

NETGEAR genie < 2.4.34 - Insufficient Session Expiration via Hard-coded API Keys

CVE-2016-11014 CRITICAL

NETGEAR JNR1010 Firmware < 1.0.0.32 - Insufficient Session Expiration via Auth Cookie

Previous Page 21 of 22 Next

Details

Vulnerabilities 533

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy