CVE-2014-1219 Information

Description

CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token which allows remote attackers to hijack sessions by changing characters at the end of this substring as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.

Reference

http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/ http://www.securityfocus.com/bid/65537