CVE-2008-3222 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3222
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3222

Description: Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/43706 SAID Secunia Advisory: SA31211 Secunia Advisory: SA31079 MLIST http://www.openwall.com/lists/oss-security/2008/07/10/3 FEDORA CONFIRM http://drupal.org/node/280571 http://drupal.org/node/286417 BID 30168 30359

Return to the previous page.