Lucene search

[email protected]CVE-2015-5458

HistoryJul 08, 2015 - 3:59 p.m.

CVE-2015-5458

2015-07-0815:59:11

[email protected]

web.nvd.nist.gov

cve-2015-5458

session fixation

pivotx

web sessions hijacking

fileupload.php

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

JSON

Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter.

Affected configurations

NVD

Node

pivotxpivotxRange≤2.3.10

CPENameOperatorVersion
pivotx:pivotxpivotxle2.3.10

CPE	Name	Operator	Version
pivotx:pivotx	pivotx	le	2.3.10

References

blog.pivotx.net/archive/2015/06/21/pivotx-2311-released

packetstormsecurity.com/files/132474/PivotX-2.3.10-Session-Fixation-XSS-Code-Execution.html

software-talk.org/blog/2015/06/session-fixation-xss-code-execution-vulnerability-pivotx/

sourceforge.net/p/pivot-weblog/code/4450/tree//branches/2.3.x/pivotx/fileupload.php?diff=51a4cb5e34309d75c0d1612a:4449

www.securityfocus.com/archive/1/535860/100/0/threaded

www.securityfocus.com/bid/75577

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.025 Low

EPSS

Percentile

90.2%

JSON

Related for CVE-2015-5458

cvelist1 prion1 nvd1 openvas1