CVE-2007-3988

Virtual Hosting Control System < 2.4.7.1 - Authentication Bypass

Title source: rule

Description

Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

References (6)

[Vendor Advisory] http://secunia.com/advisories/26142

[Various Sources] http://www.majorsecurity.de/index_2.php?major_rls=major_rls51

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/35548

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/474324/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25006

[Third Party Advisory] http://securityreason.com/securityalert/2926

Scores

EPSS 0.0118

EPSS Percentile 78.5%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

virtual_hosting_control_system/virtual_hosting_control_system < 2.4.7.1

Timeline

Published Jul 25, 2007

Tracked Since Feb 18, 2026