Session Fixation Vulnerability in Revive Adserver before 4.0.1 Allows Remote Session Hijacking

Session Fixation Vulnerability in Revive Adserver before 4.0.1 Allows Remote Session Hijacking

CVE-2017-5831 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:N

Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID.

Learn more about our Web App Pen Testing.