PT-2006-2244 · Drupal · Drupal
Markus Petrux
·
Publicado
2006-03-14
·
Atualizado
2018-10-18
·
CVE-2006-1228
CVSS v2.0
5.1
Média
| Vetor | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Drupal versions 4.5.x through 4.5.7
Drupal versions 4.6.x through 4.6.7
Description
A session fixation issue allows remote attackers to gain privileges by tricking a user into clicking on a URL that fixes the session identifier.
Recommendations
For versions 4.5.x through 4.5.7, update to version 4.5.8 or later.
For versions 4.6.x through 4.6.7, update to version 4.6.8 or later.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Drupal