PT-2017-6522 · Unknown · Rest-Client

Published

2015-05-15

Updated

2018-08-13

CVE-2015-1820

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions rest-client versions 1.6.1.a through 1.8.0

Description The issue allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.

Recommendations For versions 1.6.1.a through 1.7.x, update to version 1.8.0 or later to resolve the issue. For version 1.8.0, ensure you have the latest patch or update to prevent exploitation.

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2015-1820

GHSA-3FHF-6939-QG8P

MGASA-2015-0227

RHSA-2021:1313

Affected Products

Rest-Client

PT-2017-6522 · Unknown · Rest-Client

CVE-2015-1820

Weakness Enumeration

Related Identifiers

Affected Products

References · 20