Description
The J2EE application is configured to use an insufficient session ID length.
Extended Description
If an attacker can guess or steal a session ID, then they may be able to take over the user's session (called session hijacking). The number of possible session IDs increases with increased session ID length, making it more difficult to guess or steal a session ID.
CVE vulnerabilities with CWE-6 (1)
8.8
CVSS
HIGH
CVE-2018-12538
pub. 2018-06-22