How to Buy
This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.
The remote web application is vulnerable to a session fixation
By manipulating cookies through a vulnerability similar to cross-site
scripting, an attacker can set the session cookies. The legitimate
user will be logged out of the application and after he logs in again,
the cookie will remain unchanged and the attacker will be able to
steal the open session and impersonate the user.
See also :
- Fix the application so that the session cookie is re-generated
after a successful authentication.
- Fix the cookie manipulation flaws.
Risk factor :
High / CVSS Base Score : 7.5
Family: Web Servers
Nessus Plugin ID: 45084 (http_session_fixation.nasl)
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.