WEB APPLICATION VULNERABILITIES Standard & Premium

Apache HTTP Server Session Fixation Vulnerability (CVE-2018-17199)

Description

In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.

Remediation

References

Related Vulnerabilities

WordPress Plugin Click to Chat Cross-Site Scripting (1.6)

WordPress Plugin Boozang Cross-Site Scripting (1.1)

WordPress Plugin WooCommerce Cross-Site Scripting (2.4.8)

WordPress Plugin WP Reroute Email Cross-Site Request Forgery (1.4.6)

ownCloud Other Vulnerability (CVE-2022-25338)

Severity

High

Classification

CVE-2018-17199 CWE-384 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities