CVE-2001-1534

NameCVE-2001-1534
Descriptionmod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)
Debian Bugs328919

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
apache2 (PTS)jessie (security), jessie2.4.10-10+deb8u12vulnerable
stretch2.4.25-3+deb9u6vulnerable
stretch (security)2.4.25-3+deb9u4vulnerable
buster, sid2.4.37-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
apachesource(unstable)(unfixed)unimportant328919
apache2source(unstable)(unfixed)unimportant

Notes

Cookies are only used for invading user privacy,
not for authentication, so apache and apache2 should be fine.
Search for package or bug name: Reporting problems