Loading
Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-12691.
Cite this page
CVE-2014-9386. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2014-9386
Use Zenoss vendor hub and Zenoss Core product page to widen CVE-2014-9386 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2014-6261, CVE-2014-6262 and CVE-2014-9249 for nearby disclosures in the same product family.