Description

Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.

Remediation

References

CVE-2017-5831

Related Vulnerabilities

Lodash CVE-2018-3721 Vulnerability (CVE-2018-3721)

WebLogic CVE-2019-2891 Vulnerability (CVE-2019-2891)

MySQL CVE-2016-0647 Vulnerability (CVE-2016-0647)

WordPress Plugin CM Table Of Contents Cross-Site Scripting (1.0.7)

WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files Multiple Vulnerabilities (1.6.0)

Severity

Medium

Classification

CVE-2017-5831 CWE-384 CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Tags

Missing Update Known Vulnerabilities