CVE-2008-5809

futomi CGI Cafe <4.0.1-4.11.3 - Info Disclosure

Title source: llm

Description

futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about analysis results, via a modified id.

References (4)

Core References
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000083.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32794
Vendor Advisory x_refsource_confirm
http://www.futomi.com/library/info/2008/20081212.html
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN07468800/index.html

Scores

EPSS 0.0101
EPSS Percentile 58.8%

Details

CWE
CWE-287
Status published
Products (34)
futomi/access_analyzer_cgi _nil_ beta1 (2 CPE variants)
futomi/access_analyzer_cgi 1.0
futomi/access_analyzer_cgi 1.1 (2 CPE variants)
futomi/access_analyzer_cgi 1.2 (2 CPE variants)
futomi/access_analyzer_cgi 1.3 (2 CPE variants)
futomi/access_analyzer_cgi 1.4 (2 CPE variants)
futomi/access_analyzer_cgi 1.5
futomi/access_analyzer_cgi 1.6
futomi/access_analyzer_cgi 1.7
futomi/access_analyzer_cgi 2.0 (2 CPE variants)
... and 24 more
Published Jan 02, 2009
Tracked Since Feb 18, 2026