Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2008-5964
Last Modified 15 Aug 2009 01:17:29
Published 23 Jan 2009 02:00:05
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5964

Summary

Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Vulnerable Systems

Application

  • ImpressCMS 1.0
  • ImpressCMS 1.0.1
  • ImpressCMS 1.0.2
  • ImpressCMS 1.0.3
  • ImpressCMS 1.1


References

XF - impresscms-phpsessid-session-hijacking(46989)

BID - 32495

BUGTRAQ - 20081203 Re: [HACKATTACK Advisory 20081127]Social Impress CMS 1.1 - Session Fixation

BUGTRAQ - 20081127 [HACKATTACK Advisory 20081127]Social Impress CMS 1.1 - Session Fixation

CONFIRM - http://wiki.impresscms.org/index.php?title=Change_Log#2008-12-2_:_1.1.1_RC

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=893767

SECUNIA - 32985

OSVDB - 50413


Last Updated: 27 May 2016 10:49:00