CVE-2009-1629

NameCVE-2009-1629
Descriptionajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1994-1
NVD severitymedium (attack range: remote)
Debian Bugs528938

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ajaxterm (PTS)wheezy, jessie0.10-12fixed
buster, sid, stretch0.10-13fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ajaxtermsource(unstable)0.10-5medium528938
ajaxtermsourceetch0.9-2+etch1mediumDSA-1994-1
ajaxtermsourcelenny0.10-2+lenny1mediumDSA-1994-1

Search for package or bug name: Reporting problems