Description

Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.

Remediation

References

CVE-2008-3222

Related Vulnerabilities

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-1499)

MySQL CVE-2018-3074 Vulnerability (CVE-2018-3074)

Oracle Database Server CVE-2008-2602 Vulnerability (CVE-2008-2602)

WordPress Plugin Sticky Ad Bar Cross-Site Scripting (1.3.1)

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7852)

Severity

Medium

Classification

CVE-2008-3222 CWE-384

Tags

Missing Update Known Vulnerabilities