Lucene search

PRIOn knowledge basePRION:CVE-2006-1228

HistoryMar 14, 2006 - 7:06 p.m.

Session fixation

2006-03-1419:06:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.0%

JSON

Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.

CPENameOperatorVersion
drupaleq4.6.0
drupaleq4.5.0
drupaleq4.5.2
drupaleq4.5.1
drupaleq4.6.1
drupaleq4.5.3

Name	Operator	Version
drupal	eq	4.6.0
drupal	eq	4.5.0
drupal	eq	4.5.2
drupal	eq	4.5.1
drupal	eq	4.6.1
drupal	eq	4.5.3

References

secunia.com/advisories/19245

secunia.com/advisories/19257

securityreason.com/securityalert/580

www.debian.org/security/2006/dsa-1007

www.osvdb.org/23911

www.securityfocus.com/archive/1/427589/100/0/threaded

www.securityfocus.com/bid/17104

drupal.org/node/53805

exchange.xforce.ibmcloud.com/vulnerabilities/25205

7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.032 Low

EPSS

Percentile

91.0%

JSON

Related for PRION:CVE-2006-1228