Описание
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 6.0 (включая) до 6.34 (исключая)Версия от 7.0 (включая) до 7.34 (исключая)
Одно из
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.0191
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
ubuntu
больше 10 лет назад
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.
debian
больше 10 лет назад
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to ...
github
около 3 лет назад
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.
EPSS
Процентиль: 82%
0.0191
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-264