CVE-2008-5809

futomi CGI Cafe <4.0.1-4.11.3 - Info Disclosure

Title source: llm

Description

futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id.

References (4)

[Third Party Advisory] http://jvn.jp/en/jp/JVN07468800/index.html

[Third Party Advisory] http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000083.html

[Vendor Advisory] http://www.futomi.com/library/info/2008/20081212.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/32794

Scores

EPSS 0.0029

EPSS Percentile 51.6%

Classification

CWE

CWE-287

Status draft

Affected Products (50)

futomi/access_analyzer_cgi < 4.0.1

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

futomi/access_analyzer_cgi

... and 35 more

Timeline

Published Jan 02, 2009

Tracked Since Feb 18, 2026