Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
AjaxTerm ajaxterm.js会话劫持漏洞
Vulnerability Description
Ajaxterm是用python编写的基于web的开源终端。 AjaxTerm的ajaxterm.js脚本使用以下方式在客户端上分配会话id: var sid=" " +Math.round(Math.random()*1000000000); 结合round使用的javascript随机函数没有为特定的会话id提供充足的熵,因此攻击者可以暴力猜测可能的id值并附加上已有的连接。此外由于在执行暴力猜测时还可能耗尽所有可用的会话id,利用这个漏洞还可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A