Summary
Drupal is vulnerable to session hijacking.
Impact
An attacker may gain unauthorized access to the application.
Impact Level: Application
Solution
Upgrade to Drupal 6.34, 7.34 or later.
Insight
A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session.
Affected
Drupal 6.x versions prior to 6.34. Drupal 7.x versions prior to 7.34.
Detection
Check the version of Drupal.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-9015
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P