CVE-2014-9386

Published: Dec 15, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691.

Affected (16)

Products: Zenoss: Zenoss Core

Zenoss

1 product

Zenoss Core

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Zenoss Zenoss Core	Up to 4.2.5
Zenoss Zenoss Core	Version 2.4.0
Zenoss Zenoss Core	Version 2.4.5
Zenoss Zenoss Core	Version 2.5.0
Zenoss Zenoss Core	Version 2.5.1
Zenoss Zenoss Core	Version 2.5.2
Zenoss Zenoss Core	Version 3.0.0
Zenoss Zenoss Core	Version 3.0.1
Zenoss Zenoss Core	Version 3.0.2
Zenoss Zenoss Core	Version 3.0.3
Zenoss Zenoss Core	Version 3.1.0
Zenoss Zenoss Core	Version 3.2.0
Zenoss Zenoss Core	Version 3.2.1
Zenoss Zenoss Core	Version 4.2.0
Zenoss Zenoss Core	Version 4.2.3
Zenoss Zenoss Core	Version 4.2.4

References (4)

http://www.kb.cert.org/vuls/id/449452

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: cret@cert.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/449452

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.