Summary
Drupal is vulnerable to session hijacking.
Impact
An attacker may gain unauthorized access to the application.
Impact Level: Application
Solution
Upgrade to Drupal 6.34, 7.34 or later
Insight
A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session.
Affected
Drupal 6.x versions prior to 6.34. Drupal 7.x versions prior to 7.34.
Detection
Check the version of Drupal.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-9015
- CVSS Base Score: 6.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P