| Vulnerability Name: | CVE-2008-3222 (CCN-43706) | ||||||||
| Assigned: | 2008-07-09 | ||||||||
| Published: | 2008-07-09 | ||||||||
| Updated: | 2021-04-15 | ||||||||
| Summary: | Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-384 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2008-3222 Source: CCN Type: DRUPAL-SA-2008-044 Drupal core - Multiple vulnerabilities Source: CONFIRM Type: Patch, Vendor Advisory http://drupal.org/node/280571 Source: CCN Type: DRUPAL-SA-2008-046 Drupal core - Session fixation Source: CONFIRM Type: Patch, Vendor Advisory http://drupal.org/node/286417 Source: CCN Type: SA31028 Drupal Multiple Vulnerabilities Source: SECUNIA Type: Third Party Advisory 31079 Source: CCN Type: SA31211 Drupal Session Fixation Vulnerability Source: SECUNIA Type: Third Party Advisory 31211 Source: CCN Type: SourceForge.net: Files vbDrupal, File Release Notes and Changelog, Release Name: 5.8.0 Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20080710 CVE request: multiple drupal issues in < 6.3,5.8 Source: CCN Type: OSVDB ID: 46945 Drupal User Module Session Fixation Source: BID Type: Patch, Third Party Advisory, VDB Entry 30168 Source: CCN Type: BID-30168 Drupal Multiple Remote Vulnerabilities Source: BID Type: Patch, Third Party Advisory, VDB Entry 30359 Source: CCN Type: BID-30359 Drupal Session Fixation Vulnerability Source: CCN Type: vbDrupal Web site vbDrupal | The best CMS combined with the most popular forum Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisory https://bugzilla.redhat.com/show_bug.cgi?id=454849 Source: XF Type: Third Party Advisory, VDB Entry drupal-unspecified-session-hijacking(43706) Source: XF Type: UNKNOWN drupal-unspecified-session-hijacking(43706) Source: FEDORA Type: Third Party Advisory FEDORA-2008-6916 Source: FEDORA Type: Third Party Advisory FEDORA-2008-6415 Source: FEDORA Type: Third Party Advisory FEDORA-2008-6411 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||