Description

Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.

Remediation

Update to Joomla! Core version 1.5.16 or latest

References

https://developer.joomla.org/security-centre/309-20100423-core-sessation-fixation.html

Related Vulnerabilities

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2009-2902)

WordPress Plugin Bird Feeder Multiple Vulnerabilities (1.2.3)

Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17569)

Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-14630)

Severity

High

Classification

CVE-2010-1434 CWE-384 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Session Fixation