Description
Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.
References (9)
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_bid]: http://www.securityfocus.com/bid/23988
Third Party Advisory [vdb-entry, x_refsource_vupen]: http://www.vupen.com/english/advisories/2007/1823
Vendor Advisory [vendor-advisory, x_refsource_hp]: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01049713
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_osvdb]: http://osvdb.org/36061
Third Party Advisory, VDB Entry [mailing-list, x_refsource_bugtraq]: http://www.securityfocus.com/archive/1/468974/100/0/threaded
Patch [x_refsource_misc]: http://www.acrossecurity.com/aspr/ASPR-2007-05-14-1-PUB.txt
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_sectrack]: http://www.securitytracker.com/id?1018062
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_xf]: https://exchange.xforce.ibmcloud.com/vulnerabilities/34303
Vendor Advisory [third-party-advisory, x_refsource_secunia]: http://secunia.com/advisories/25275
Scores
EPSS: 0.0745
EPSS Percentile: 91.9%
Details
CWE: CWE-287
Status: published
Products (2):
hp/systems_insight_manager 4.2
hp/systems_insight_manager 5.0 sp4 (2 CPE variants)
Published: May 16, 2007
Tracked Since: Feb 18, 2026