CVE-2010-2473
N/A
N/A
Summary
Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| drupal6 | drupal6 | 6.x before version 6.16 | affected |
| drupal6 | drupal6 | 5.x before version 5.22 | affected |
Weaknesses
- user session regeneration
ADP Enrichment
CVE Program Container
Additional References
- https://security-tracker.debian.org/tracker/CVE-2010-2473
- https://www.drupal.org/node/731710
- https://www.openwall.com/lists/oss-security/2010/06/28/8
References
- https://security-tracker.debian.org/tracker/CVE-2010-2473
- https://www.drupal.org/node/731710
- https://www.openwall.com/lists/oss-security/2010/06/28/8
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.