On Tue, Mar 03, 2020 at 05:43:13PM +0100, Sylvain Beucler wrote:
> The following vulnerability was published for lua-cgi.
>
> CVE-2014-2875[0]:
> | The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses
> | weak session IDs generated based on OS time, which allows remote
> | attackers
Package: lua-cgi
Severity: important
Tags: security upstream
Control: found -1 5.2~alpha2-1
Hi,
The following vulnerability was published for lua-cgi.
CVE-2014-2875[0]:
| The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses
| weak session IDs generated based on OS time, which allow
2 matches
Mail list logo
