CVE-2014-1219
CA 2E Web Option r8.1.2 - Session Hijacking via Predictable Session Token Substring
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2014-1219. PoCs published by Mike Emery.
AI-analyzed exploit summary The exploit describes an unauthenticated privilege escalation vulnerability in CA 2E Web Option due to a predictable session token. By manipulating the W2E_SSNID parameter, an attacker can hijack valid sessions or cause a denial of service.
Description
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
Exploits (1)
The exploit describes an unauthenticated privilege escalation vulnerability in CA 2E Web Option due to a predictable session token. By manipulating the W2E_SSNID parameter, an attacker can hijack valid sessions or cause a denial of service.