Published: 2006/11/10 Last Updated: 2008/05/21
JVN#34522909
Kahua vulnerability allows login sessions to be shared
Overview
Kahua is an open source application development and runtime environment server.
Kahua contains a vulnerability that allows sessions to be shared among multiple applications that refer to different user databases.
Products Affected
- Version 0.6 and earlier
- CVS version 2006-09-26 and earlier
Description
Impact
A remote attacker could possibly take over the user privileges and manipulate applications when several user databases are in use.
If multiple Kahua applications refer to different user databases, a user could log into multiple applications, which results in a login session being shared by an unintended user.
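A minimal model of the condition described above, added here as an illustration and not taken from Kahua's code: two applications with separate user databases share one session table, and a session is accepted without checking which database authenticated it. The class names, database identifiers and accounts are constructed, and the `check_userdb` flag shows a scoped check as one possible mitigation, which the advisory itself does not specify.

```python
import secrets

class SessionStore:
    """One session table shared by every application (assumed model)."""
    def __init__(self):
        self._sessions = {}

    def create(self, login, userdb_id):
        sid = secrets.token_hex(16)
        # Record which user database authenticated this login.
        self._sessions[sid] = {"login": login, "userdb": userdb_id}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

class App:
    def __init__(self, name, userdb_id, users, store, check_userdb):
        self.name = name
        self.userdb_id = userdb_id
        self.users = users              # login -> password, constructed sample data
        self.store = store
        self.check_userdb = check_userdb

    def login(self, login, password):
        expected = self.users.get(login)
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        return self.store.create(login, self.userdb_id)

    def current_user(self, sid):
        rec = self.store.get(sid)
        if rec is None:
            return None
        # Scoped check: reject sessions issued against another user database.
        if self.check_userdb and rec["userdb"] != self.userdb_id:
            return None
        return rec["login"]

def demo(check_userdb):
    """Log in to 'wiki' only, then present the same session id to both apps."""
    store = SessionStore()
    # Both databases contain an unrelated account that happens to be named "admin".
    wiki = App("wiki", "db-wiki", {"admin": "wiki-pw"}, store, check_userdb)
    shop = App("shop", "db-shop", {"admin": "shop-pw"}, store, check_userdb)
    sid = wiki.login("admin", "wiki-pw")
    return wiki.current_user(sid), shop.current_user(sid)
```

With `check_userdb=False` the second application treats the wiki login as its own "admin"; with `check_userdb=True` it rejects the session.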
Solution
Vendor Status
Vendor | Status | Last Update | Vendor Notes
---|---|---|---
TIME INTERMEDIA Corporation | Vulnerable | 2006/11/10 |
References
JPCERT/CC Addendum
Credit
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | |
JVN iPedia | JVNDB-2006-000771 |