CVE-2015-5384 | Cyber Solutions By Thales

Abstract Advisory Information

Security issue affecting the product AXIOM from the company AXIOMSL (http://axiomsl.com). The web application (Google Web Toolkit module) is vulnerable to Session Fixation attack. Vendor is informed about this vulnerability and the CVE ID is referenced into the release note of the product for the version in which the issue is fixed (and also in JIRA ticket).

Author: Dominique Righetto

Version affected

9.5.3

Common Vulnerability Scoring System

4.9

Patches

The vulnerability is fixed from the version 9.7 through a patch and superior version are patched by default.

Vulnerability Disclosure Timeline

2015-07-01: Security note sent to AXIOMSL contact about the vulnerability.
2015-07-03: Acknowledge from AXIOMSL about reception of our note and start working on a fix.
2015-07-06: Ask for CVE ID to MITRE.
2015-07-09: Received CVE ID from MITRE.
2015-07-24: Received fix information from AXIOMSL.
2015-07-25: Creation of this advisory note.
2015-09-01: Ask to MITRE to publish CVE.