IBM WebSphere Commerce CVE-2017-1170 Local Session Hijacking Vulnerability



IBM WebSphere Commerce is prone to a local session-hijacking vulnerability.

An attacker can leverage this issue to gain unauthorized access to the affected application.

IBM WebSphere Commerce 8.0.3.0 through 8.0.3.3, 8.0.1.0 through 8.0.1.9 and 8.0.0.0 through 8.0.0.17 are vulnerable.

Information

Bugtraq ID: 98027
Class: Input Validation Error
CVE: CVE-2017-1170

Remote: No
Local: Yes
Published: Apr 21 2017 12:00AM
Updated: Apr 26 2017 04:10PM
Credit: IBM
Vulnerable:
IBM WebSphere Commerce 8.0.3.3
IBM WebSphere Commerce 8.0.3.0
IBM WebSphere Commerce 8.0.1.9
IBM WebSphere Commerce 8.0.1.8
IBM WebSphere Commerce 8.0.1.2
IBM WebSphere Commerce 8.0.1.1
IBM WebSphere Commerce 8.0.1.0
IBM WebSphere Commerce 8.0.0.9
IBM WebSphere Commerce 8.0.0.8
IBM WebSphere Commerce 8.0.0.7
IBM WebSphere Commerce 8.0.0.6
IBM WebSphere Commerce 8.0.0.5
IBM WebSphere Commerce 8.0.0.4
IBM WebSphere Commerce 8.0.0.2
IBM WebSphere Commerce 8.0.0.17
IBM WebSphere Commerce 8.0.0.16
IBM WebSphere Commerce 8.0.0.10
IBM WebSphere Commerce 8.0.0.0

Not Vulnerable:
IBM WebSphere Commerce 8.0.3.4
IBM WebSphere Commerce 8.0.1.11
IBM WebSphere Commerce 8.0.0.18


Exploit


An attacker can exploit this issue using readily available tools.

