Description
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.
Remediation
References
Related Vulnerabilities
Moodle Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9187)
WordPress Plugin WP Custom Admin Login Page Logo Unspecified Vulnerability (1.4.1)
WordPress Plugin Vertical News Scroller Cross-Site Scripting (1.9)
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2015-8617)
WordPress Plugin WordPress Bitcoin Payments-Blockonomics Cross-Site Scripting (3.5.7)