Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2008-3222
Last Modified 19 Aug 2009 12:00:00
Published 18 Jul 2008 12:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3222

Summary

Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.

Vulnerable Systems

Application

  • Drupal 5

  • Drupal 5.0

  • Drupal 5.1

  • Drupal 5.2

  • Drupal 5.3

  • Drupal 5.4

  • Drupal 5.5

  • Drupal 5.5.

  • Drupal 5.6

  • Drupal 5.7

  • Drupal 5.8

  • Drupal 6

  • Drupal 6.0

  • Drupal 6.1

  • Drupal 6.2


References

BID - 30359

BID - 30168

CONFIRM - http://drupal.org/node/286417

CONFIRM - http://drupal.org/node/280571

FEDORA - FEDORA-2008-6411

FEDORA - FEDORA-2008-6415

FEDORA - FEDORA-2008-6916

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=454849

XF - drupal-unspecified-session-hijacking(43706)

MLIST - [oss-security] 20080710 CVE request: multiple drupal issues in < 6.3,5.8

SECUNIA - 31211

SECUNIA - 31079


Last Updated: 27 May 2016 10:48:07