CVE-2001-1534

NameCVE-2001-1534
Descriptionmod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs328919

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
apache2 (PTS)jessie, jessie (lts)2.4.10-10+deb8u29vulnerable
stretch (security)2.4.25-3+deb9u13vulnerable
stretch (lts), stretch2.4.25-3+deb9u19vulnerable
buster, buster (lts)2.4.59-1~deb10u4vulnerable
buster (security)2.4.59-1~deb10u1vulnerable
bullseye2.4.62-1~deb11u1vulnerable
bullseye (security)2.4.62-1~deb11u2vulnerable
bookworm (security), bookworm2.4.62-1~deb12u2vulnerable
sid, trixie2.4.62-3vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
apachesource(unstable)(unfixed)unimportant328919
apache2source(unstable)(unfixed)unimportant

Notes

Cookies are only used for invading user privacy,
not for authentication, so apache and apache2 should be fine.

Search for package or bug name: Reporting problems