Required CVE Record Information
Description
Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 3 Total
- openwall.com: [oss-security] 20170202 Re: CVE request: multiples vulnerabilities in Revive Adserver mailing-list x_transferred
- https://www.revive-adserver.com/security/revive-sa-2017-001/ x_transferred
- securityfocus.com: 95875 vdb-entry x_transferred