CVE-2009-1629

NameCVE-2009-1629
Descriptionajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1994-1
Debian Bugs528938

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ajaxtermsourceetch0.9-2+etch1DSA-1994-1
ajaxtermsourcelenny0.10-2+lenny1DSA-1994-1
ajaxtermsource(unstable)0.10-5medium528938
Search for package or bug name: Reporting problems