GHSA-v6wr-fch2-vm5w

Suggest an improvement
Source
https://github.com/advisories/GHSA-v6wr-fch2-vm5w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-v6wr-fch2-vm5w/GHSA-v6wr-fch2-vm5w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v6wr-fch2-vm5w
Aliases
  • CVE-2015-2913
Published
2018-10-18T17:41:27Z
Modified
2024-02-16T08:19:11.966594Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
OrientDB Server Community Edition uses insufficiently random values to generate session IDs
Details

OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values in the server/network/protocol/http/OHttpSessionManager.java, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.

References

Affected packages

Maven / com.orientechnologies:orientdb-server

Package

Name
com.orientechnologies:orientdb-server
View open source insights on deps.dev
Purl
pkg:maven/com.orientechnologies/orientdb-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.15

Affected versions

1.*

1.0rc9
1.0
1.0.1
1.1.0
1.2.0
1.3.0
1.4.0
1.4.1
1.5.0
1.5.1
1.6
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.7-rc1
1.7-rc2
1.7
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.7.10

2.*

2.0-M1
2.0-M2
2.0-M3
2.0-rc1
2.0-rc2
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14

Maven / com.orientechnologies:orientdb-server

Package

Name
com.orientechnologies:orientdb-server
View open source insights on deps.dev
Purl
pkg:maven/com.orientechnologies/orientdb-server

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.1

Affected versions

2.*

2.1.0