Description
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.
Remediation
References
Related Vulnerabilities
WordPress 'wp-login.php' HTTP Response Splitting Vulnerability (1.2)
WordPress 3.8.x Arbitrary File Deletion Vulnerability (3.8 - 3.8.26)
Oracle Database Server CVE-2006-0260 Vulnerability (CVE-2006-0260)
WebLogic CVE-2020-2551 Vulnerability (CVE-2020-2551)
WordPress Plugin Instagram Feed Cross-Site Scripting (1.4.6.2)