CVE-2001-1534
Apache HTTP Server 1.3.11-1.3.20 - Session Fixation via Predictable mod_usertrack Session IDs
Title source: llmDescription
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/3521
Broken Link vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/7494.php
Broken Link mailing-list
x_refsource_bugtraq
http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00084.html
Scores
EPSS
0.0070
EPSS Percentile
48.3%
Details
CWE
CWE-384
Status
published
Products (1)
apache/http_server
1.3.11 - 1.3.20
Published
Dec 31, 2001
Tracked Since
Feb 18, 2026