Description
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.
Remediation
References
Related Vulnerabilities
MySQL CVE-2019-2587 Vulnerability (CVE-2019-2587)
MySQL CVE-2013-3809 Vulnerability (CVE-2013-3809)
OpenSSL Inefficient Regular Expression Complexity Vulnerability (CVE-2023-3446)
WordPress Plugin Mini Mail Dashboard Widget 'abspath' Parameter Remote File Include (1.36)
Oracle Application Server Other Vulnerability (CVE-2007-1609)