Total: 323 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-4188 | 1 Joomla | 1 Joomla! | 2024-08-07 | N/A |
Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors. | ||||
CVE-2008-3222 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2024-08-07 | N/A |
Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors. | ||||
CVE-2009-1580 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2024-08-07 | N/A |
Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie. | ||||
CVE-2010-3671 | 1 Typo3 | 1 Typo3 | 2024-08-07 | 6.5 Medium |
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session. | ||||
CVE-2010-1434 | 1 Joomla | 1 Joomla! | 2024-08-07 | 7.5 High |
Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | ||||
CVE-2011-0717 | 1 Redhat | 2 Network Satellite, Network Satellite Server | 2024-08-06 | N/A |
Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk. | ||||
CVE-2012-2735 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2024-08-06 | N/A |
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie. | ||||
CVE-2013-4572 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-08-06 | 7.5 High |
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows remote attackers to authenticate as the created user. | ||||
CVE-2013-4213 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform | 2024-08-06 | N/A |
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. | ||||
CVE-2013-4128 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform | 2024-08-06 | N/A |
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client. | ||||
CVE-2013-2249 | 1 Apache | 1 Http Server | 2024-08-06 | N/A |
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors. | ||||
CVE-2013-2067 | 2 Apache, Redhat | 5 Tomcat, Enterprise Linux, Jboss Enterprise Application Platform and 2 more | 2024-08-06 | N/A |
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack. | ||||
CVE-2013-2049 | 1 Redhat | 2 Cloudforms Management Engine, Cloudforms Managementengine | 2024-08-06 | N/A |
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret. | ||||
CVE-2013-0507 | 1 Ibm | 1 Infosphere Information Server | 2024-08-06 | 8.1 High |
IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability. | ||||
CVE-2014-125048 | 1 Kluks | 1 Xingwall | 2024-08-06 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixation. The patch is named e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559. | ||||
CVE-2014-10400 | 1 Keplerproject | 1 Cgilua | 2024-08-06 | 6.1 Medium |
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. | ||||
CVE-2014-10399 | 1 Keplerproject | 1 Cgilua | 2024-08-06 | 6.1 Medium |
The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. | ||||
CVE-2014-4789 | 1 Ibm | 1 Initiate Master Data Service | 2024-08-06 | N/A |
Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
CVE-2014-2066 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | ||||
CVE-2014-0152 | 2 Ovirt, Redhat | 3 Ovirt, Ovirt-engine, Rhev Manager | 2024-08-06 | N/A |
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. |