Summary
Drupal is vulnerable to session hijacking.
Impact
An attacker may gain unauthorized access to the application.
Impact Level: Application
Solution
Upgrade to Drupal 6.34, 7.34 or later.
Insight
A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session.
Affected
Drupal 6.x versions prior to 6.34. Drupal 7.x versions prior to 7.34.
Detection
Check the version of Drupal.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-9015
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P