CVE-2007-3988

Session fixation vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

Published: Jul 25, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3988
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
virtual_hosting_control_system / virtual_hosting_control_system	-	2.4.7.1.x

http://secunia.com/advisories/26142
http://securityreason.com/securityalert/2926
http://www.majorsecurity.de/index_2.php?major_rls=major_rls51
http://www.securityfocus.com/archive/1/474324/100/0/threaded
http://www.securityfocus.com/bid/25006
https://exchange.xforce.ibmcloud.com/vulnerabilities/35548

Vulnerability Database

290,020

CVE-2007-3988