Vulnerabilities > CVE-2011-3424 - Cross-Site Scripting vulnerability in Tibco products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
tibco
Summary
Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors. Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'
Vulnerable Configurations
References
- http://secunia.com/advisories/45976
- http://securitytracker.com/id?1026051
- http://www.osvdb.org/75397
- http://www.securityfocus.com/bid/49619
- http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt
- http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69805