CVE-2001-1534

NameCVE-2001-1534
Descriptionmod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow
Debian Bugs328919

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
apache2 (PTS)jessie2.4.10-10+deb8u12vulnerable
jessie (security)2.4.10-10+deb8u16vulnerable
stretch2.4.25-3+deb9u8vulnerable
stretch (security)2.4.25-3+deb9u9vulnerable
buster2.4.38-3+deb10u1vulnerable
buster (security)2.4.38-3+deb10u3vulnerable
bullseye, sid2.4.41-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
apachesource(unstable)(unfixed)unimportant328919
apache2source(unstable)(unfixed)unimportant

Notes

Cookies are only used for invading user privacy,
not for authentication, so apache and apache2 should be fine.

Search for package or bug name: Reporting problems