Weakness Name | Source | |
---|---|---|
Session Fixation Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
Metric | Score | Severity | CVSS Vector | Source |
---|---|---|---|---|
V2 | 5.8 | AV:N/AC:M/Au:N/C:P/I:P/A:N | [email protected] |
Drupal>>Drupal >> Version From (including) 5.0 To (excluding) 5.9
Drupal>>Drupal >> Version From (including) 6.0 To (excluding) 6.3
Fedoraproject>>Fedora >> Version 8
Fedoraproject>>Fedora >> Version 9