CVE-2008-3222

EUVD-2008-3211
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
drupaldrupal
5.0 ≤
𝑥
< 5.9
drupaldrupal
6.0 ≤
𝑥
< 6.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
drupal
dapper
ignored
feisty
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
drupal5
dapper
dne
feisty
dne
gutsy
ignored
hardy
Fixed 5.7-1ubuntu1.1
released
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
Common Weakness Enumeration
References
http://drupal.org/node/280571
http://drupal.org/node/286417
http://secunia.com/advisories/31079
http://secunia.com/advisories/31211
http://www.openwall.com/lists/oss-security/2008/07/10/3
http://www.securityfocus.com/bid/30168
http://www.securityfocus.com/bid/30359
https://bugzilla.redhat.com/show_bug.cgi?id=454849
https://exchange.xforce.ibmcloud.com/vulnerabilities/43706
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html
http://drupal.org/node/280571
http://drupal.org/node/286417
http://secunia.com/advisories/31079
http://secunia.com/advisories/31211
http://www.openwall.com/lists/oss-security/2008/07/10/3
http://www.securityfocus.com/bid/30168
http://www.securityfocus.com/bid/30359
https://bugzilla.redhat.com/show_bug.cgi?id=454849
https://exchange.xforce.ibmcloud.com/vulnerabilities/43706
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html