mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-06 11:22:22 +00:00
972 B
972 B
CVE-2016-9125
&color=brightgreen)
Description
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session.
POC
Reference
Github
No PoCs found on GitHub currently.