mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-31 01:51:16 +02:00
972 B
972 B
CVE-2016-9125
&color=brightgreen)
Description
Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have been an opportunity for an attacker to steal an authenticated session.
POC
Reference
Github
No PoCs found on GitHub currently.