{"id":"CVE-2009-1629","details":"ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.","modified":"2024-04-11T07:40:47Z","published":"2009-05-14T17:30:00Z","withdrawn":"2024-06-30T13:40:11.827751Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/42784"},{"type":"EVIDENCE","url":"http://www.ocert.org/advisories/ocert-2009-004.html"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2009/05/11/1"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052655.html"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/503421/100/0/threaded"},{"type":"WEB","url":"http://www.securityfocus.com/bid/34903"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50464"}],"affected":[{"package":{"name":"ajaxterm","ecosystem":"Debian:10","purl":"pkg:deb/debian/ajaxterm?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10-5"}]}],"ecosystem_specific":{"urgency":"medium"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-1629.json"}}],"schema_version":"1.7.3"}