CVE-2016-4309 - CERT CVE

  1. CVE-2016-4309

ID CVE-2016-4309
Sažetak Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.
Reference
CVSS
Base: 7.6
Impact: 10.0
Exploitability:4.9
Pristup
VektorSloženostAutentikacija
NETWORK HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE COMPLETE COMPLETE
CVSS vektor AV:N/AC:H/Au:N/C:C/I:C/A:C
Zadnje važnije ažuriranje 27-08-2020 - 18:32
Objavljeno 30-06-2016 - 17:59