CVE-2001-1534

NameCVE-2001-1534
Descriptionmod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)
Debian Bugs328919

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
apache2 (PTS)wheezy2.2.22-13+deb7u6vulnerable
wheezy (security)2.2.22-13+deb7u12vulnerable
jessie (security), jessie2.4.10-10+deb8u11vulnerable
stretch (security), stretch2.4.25-3+deb9u3vulnerable
buster2.4.29-1vulnerable
sid2.4.29-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
apachesource(unstable)(unfixed)unimportant328919
apache2source(unstable)(unfixed)unimportant

Notes

Cookies are only used for invading user privacy,
not for authentication, so apache and apache2 should be fine.

Search for package or bug name: Reporting problems