Vulnerabilities > Keplerproject

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-02-06 | CVE-2014-2875 | Improper Restriction of Excessive Authentication Attempts vulnerability in Keplerproject Cgilua | The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. | network; low complexity; keplerproject CWE-307; 6.1 |
| 2020-02-06 | CVE-2014-10400 | Session Fixation vulnerability in Keplerproject Cgilua | The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. | network; low complexity; keplerproject CWE-384; 6.1 |
| 2020-02-06 | CVE-2014-10399 | Session Fixation vulnerability in Keplerproject Cgilua | The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. | network; low complexity; keplerproject CWE-384; 6.1 |