Description

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

Remediation

References

CVE-2013-2249

Related Vulnerabilities

Joomla CVE-2021-26031 Vulnerability (CVE-2021-26031)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4898)

WordPress Plugin Rich Counter Cross-Site Scripting (1.1.5)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-8958)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5868)

Severity

High

Classification

CVE-2013-2249

Tags

Missing Update Known Vulnerabilities