Package: apache Severity: normal mod_usertrack generates non-random cookies (see the source code and http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1534). I don't think that this is a real security issue because mod_usertrack only uses the cookies for invading user privacy, not for authentication (however, there seems to be one Apache Perl module that uses these cookies for some kind of session ID). The MITRE database seems to disagree, so please check who's right. Thanks.
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
