Business Objects Crystal Reports Predictable Session Identifiers Session Hijacking Vulnerability

Bugtraq ID:	21350
Class:	Design Error
CVE:	CVE-2006-4099
Remote:	Yes
Local:	No
Published:	Nov 29 2006 12:00AM
Updated:	Nov 30 2006 04:09AM
Credit:	LB Jennings, M Ruks, and HMG Grobbelaar of MWR Infosecurity are credited with the discovery of this vulnerability.
Vulnerable:	Business Objects Crystal Enterprise 10.0 Business Objects Crystal Enterprise 9.0

Not Vulnerable:	Business Objects BusinessObjects Enterprise XI 0 Business Objects Business Objects Enterprise XIr2