CVE-2001-1534

low

Apache

CVSS v3 Base Score

2.1

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS Score

0.1%

Exploitation probability in 30 days

Top 69% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Confidentiality

Integrity

None

Availability

None

Published: December 31, 2001 (8900 days ago)

Last Modified: April 16, 2026

Vendor: Apache

Source: NVD

Description

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.

CWE

CWE-384

Affected Products

apache http server

References

🔗 cert.uni-stuttgart.de 🔗 www.iss.net 🔗 www.securityfocus.com 🔗 cert.uni-stuttgart.de 🔗 www.iss.net

CVE-2001-1534

Vulnerability Report

Description

CWE

Affected Products

References