Description

Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.

Remediation

References

CVE-2008-3222

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-39117)

Undertow Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-3859)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-41524)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1901)

Liferay Portal Missing Authorization Vulnerability (CVE-2023-3426)

Severity

Medium

Classification

CVE-2008-3222 CWE-384

Tags

Missing Update Known Vulnerabilities