Securityvulns SECURITYVULNS:DOC:26386
History: May 21, 2011 - 12:00 a.m.

CVE-2010-0217 - Zeacom Chat Server JSESSIONID weak SessionID Vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    Packetninjas L.L.C
                   www.packetninjas.net

                -= Security  Advisory =-

Advisory:  Zeacom Chat Server JSESSIONID weak SessionID Vulnerability

Release Date: unknown
Last Modified: 09/27/2010
Author: Daniel Clemens [daniel.clemens[at]packetninjas.net]

Application: Zeacom Chat Application <= 5.0 SP4
Severity:

    Weak session management exists within the Zeacom web-chat application,
    enabling brute force of the session ID, which can enable the hijacking of another's chat session.
    The Zeacom application handles new sessions through a 10 character string (JSESSIONID),
    resulting in an effective 9 bit entropy level for session management. The end result of an
    attack would be the hijacking of a session where private information is revealed
    within a chat session, or a denial of service within the application server resulting in
    a complete crash of the application server (Tomcat).

    In most scenarios the application would crash, locking the application server.

    Risk:  Medium

Vendor Status: Zeacom
Vulnerability Reference: CVE-2010-0217

http://www.packetninjas.net/storage/advisories/Zeacom-CVE-2010-0217.txt

Overview:
Information provided from http://www.zeacom.com

"Zeacom is a leading provider of advanced Unified Communications solutions that integrate
real-time communication tools such as presence information, contact routing, conferencing,
chat and speech recognition with conventional tools such as voicemail, email and fax."

During a blackbox application assessment, routine application security
checks were performed to test the strength of session management within
the Zeacom Chat application.

The Zeacom application handles new sessions through a 10 character string which
is a part of the JSESSIONID, which results in an effective 9 bit entropy level
for session management.

Proof of Concept:

By looking at the JSESSIONID, one is able to determine that it is trivial to brute force the session
id (JSESSIONID) space.
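
An added example, not part of the Packetninjas advisory and not Zeacom code: a defender-side check that estimates the effective entropy of a sample of session IDs, the kind of session-strength test described above. The sample IDs, the function names and the 64-bit threshold (taken from OWASP session-management guidance) are assumptions of this example; the advisory does not publish the real JSESSIONID layout.

```python
import math
import secrets
from collections import Counter

MIN_BITS = 64  # OWASP session-management guidance: at least 64 bits of entropy

def per_position_entropy(ids):
    """Shannon entropy in bits of each character position across the sample."""
    if len({len(s) for s in ids}) != 1:
        raise ValueError("all session IDs must have the same length")
    n = len(ids)
    return [
        -sum(c / n * math.log2(c / n) for c in Counter(col).values())
        for col in zip(*ids)
    ]

def effective_bits(ids):
    """Sum of per-position entropies: an upper bound that treats positions as
    independent, so correlated positions make the real figure lower still."""
    return sum(per_position_entropy(ids))

def audit(ids):
    """Summarise a sample: which positions vary and whether the ID is acceptable."""
    entropy = per_position_entropy(ids)
    bits = sum(entropy)
    return {
        "length": len(ids[0]),
        "varying_positions": [i for i, h in enumerate(entropy) if h > 0],
        "effective_bits": round(bits, 2),
        "acceptable": bits >= MIN_BITS,
    }

# Constructed sample, NOT captured from Zeacom: 10-character IDs in which only
# the last three characters change (8 symbols each = 9 bits in total).
WEAK_SAMPLE = ["A1B2C3D" + format(i, "03o") for i in range(512)]

# Constructed comparison: 128-bit tokens from the OS CSPRNG.
STRONG_SAMPLE = [secrets.token_hex(16) for _ in range(512)]

if __name__ == "__main__":
    print("weak  :", audit(WEAK_SAMPLE))
    print("strong:", audit(STRONG_SAMPLE))
```

A sample of this size can show that an ID scheme is weak but cannot prove that one is strong; a long, mostly constant ID with a few varying positions is the pattern to look for.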

Disclosure Timeline:
April 1st, 2010 - Initial Contact with Zeacom.
April 6th, 2010 - Zeacom acknowledges the receipt of the initial communication.
April 20th, 2010 - Zeacom acknowledges that the version of Zeacom Chat server affected is <= 5.0 SP4.
- Zeacom also states that they will not be issuing a patch for customers running <= 5.0 SP4
but will be moving clients to their new 5.1 release.

Recommendation:

  • It is recommended to upgrade to the latest version of Zeacom Chat Server. (Version 5.1 or greater)

CVE Information: CVE-2010-0217

| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850 | | o. 866.267.8851
"Moments of sorrow are moments of sobriety"

-----BEGIN PGP SIGNATURE-----

iD8DBQFN0vtvlZy1vkUrR4MRAjx3AJ9k6Kj3Ih3LVjabVQE0E+DerZeG0wCfY0dI
lKUHztAtnNG6FH4ZphEl7Wc=
=aw+L
-----END PGP SIGNATURE-----
