Описание
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | DNE | |
| feisty | ignored | end of life, was needs-triage |
| gutsy | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| upstream | released | 5.9 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| feisty | DNE | |
| gutsy | ignored | end of life, was needs-triage |
| hardy | released | 5.7-1ubuntu1.1 |
| intrepid | not-affected | 5.9-1ubuntu1 |
| jaunty | not-affected | 5.9-1ubuntu1 |
| karmic | not-affected | 5.9-1ubuntu1 |
| upstream | released | 5.9 |
Показывать по
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before ...
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
EPSS
5.8 Medium
CVSS2