CVE-2015-0544
First published: Sun Jul 05 2015(Updated: )
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell EMC Secure Remote Services | =3.02 | |
| Dell EMC Secure Remote Services | =3.03 | |
| Dell EMC Secure Remote Services | =3.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2015-0544?
CVE-2015-0544 is classified as a medium severity vulnerability due to its potential for session hijacking.
How do I fix CVE-2015-0544?
To fix CVE-2015-0544, upgrade EMC Secure Remote Services to version 3.06 or later, which improves the randomness of session cookie generation.
What versions are affected by CVE-2015-0544?
CVE-2015-0544 affects EMC Secure Remote Services versions 3.02, 3.03, and 3.04.
What is the impact of CVE-2015-0544?
The impact of CVE-2015-0544 is that attackers can hijack user sessions by predicting session cookie values.
Is CVE-2015-0544 a remote vulnerability?
Yes, CVE-2015-0544 can be exploited by remote attackers due to its nature of session cookie prediction.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/emc
- canonical/dell emc secure remote services
- version/dell emc secure remote services/3.02
- version/dell emc secure remote services/3.03
- version/dell emc secure remote services/3.04