CVE-2009-4655

Novell eDirectory 8.8.5 - Info Disclosure

Title source: llm

Description

The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotenovell

https://www.exploit-db.com/exploits/33767

View Code ZIP pw:eip

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/60035

[Exploit] http://www.metasploit.com/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie

[Exploit] http://www.metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/56613

Scores

EPSS 0.6034

EPSS Percentile 98.3%

Details

CWE

CWE-310

Status published

Products (1)

novell/edirectory 8.8.5

Published Feb 26, 2010

Tracked Since Feb 18, 2026