Description

Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.

Remediation

References

CVE-2006-1228

Related Vulnerabilities

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0702)

Jenkins Incorrect Default Permissions Vulnerability (CVE-2023-43496)

osTicket Other Vulnerability (CVE-2005-1439)

Oracle JRE CVE-2012-1716 Vulnerability (CVE-2012-1716)

Envoy Proxy Improper Handling of Exceptional Conditions Vulnerability (CVE-2024-23325)

Severity

Medium

Classification

CVE-2006-1228 CWE-287

Tags

Missing Update Known Vulnerabilities