VIR Vulnerability Intelligence Relay

CVE-2014-10400

unknown
Published — · Modified —
CVSS v3
CVSS v2
VIR risk

Description

The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-10400

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed0
debian debianbullseyefixed0
debian debiantrixiefixed0

References

Verify integrity in audit chain (admin only). AS-IS.