Описание
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-3222
- https://bugzilla.redhat.com/show_bug.cgi?id=454849
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43706
- https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
- http://drupal.org/node/280571
- http://drupal.org/node/286417
- http://secunia.com/advisories/31079
- http://secunia.com/advisories/31211
- http://www.openwall.com/lists/oss-security/2008/07/10/3
- http://www.securityfocus.com/bid/30168
- http://www.securityfocus.com/bid/30359
Связанные уязвимости
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before ...