[VulnWatch] Security Paper: Session Fixation Vulnerability in Web-based Applications

From: Mitja Kolsek (ACROS Lists) (lists@acros.si)
Date: 12/18/02

    From: "Mitja Kolsek (ACROS Lists)" <lists@acros.si>
    To: <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org>, <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
    Date: Wed, 18 Dec 2002 15:01:25 +0100
    
    

    ACROS Security is pleased to announce the publication of a security paper
    about a new class of attacks on web-based applications that we named
    "session fixation" attacks. The paper is available at

            [ http://www.acros.si/papers/session_fixation.pdf ]

    and could be useful to all web applications developers and security
    analysts. We will appreciate any feedback you might provide.

    Mitja Kolsek

    ACROS, d.o.o.
    Stantetova 4, SI - 2000 Maribor, Slovenia
    web: http://www.acros.si
    e-mail: mitja.kolsek@acros.si


