Description

Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.

Remediation

References

CVE-2008-3222

Related Vulnerabilities

Oracle Database Server CVE-2016-5516 Vulnerability (CVE-2016-5516)

Nginx buffer underflow vulnerability

WordPress Plugin Video Metabox Cross-Site Scripting (1.1)

WordPress Improper Authentication Vulnerability (CVE-2009-2334)

Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5593)

Severity

Medium

Classification

CVE-2008-3222 CWE-384

Tags

Missing Update Known Vulnerabilities