Apache Axis2 Session Fixation
-----------------------------
Key: AXIS2-4739
URL: https://issues.apache.org/jira/browse/AXIS2-4739
Project: Axis2
Issue Type: Bug
Affects Versions: 1.4.1, 1.5, 1.5.1
Environment: Tested on Linux Ubuntu, Debian
Reporter: Tiago Ferreira Barbosa
Priority: Critical
I found a Session Fixation vulnerability in Apache Axis2. When successfully
exploited, it allows a session cookie to be fixed in the browser of the victim;
this way it's possible to perform session hijacking attacks.

To protect against session fixation, the HTTP session must be invalidated and
recreated on login, giving the user a new session id.
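
The mitigation named in the report (invalidate and recreate the HTTP session on login), sketched with the standard Servlet API. This is an added example, not Axis2 code and not part of the original report; the class name, the form parameter names, the session attribute name and the demo credential are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical login servlet (not Axis2 code) that rotates the session id on login.
public class LoginServlet extends HttpServlet {
    // Constructed demo credential; a real application checks its credential store.
    private static final String DEMO_USER = "admin";
    private static final byte[] DEMO_PASS =
            "constructed-demo-password".getBytes(StandardCharsets.UTF_8);

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String user = req.getParameter("userName");   // assumed form field name
        String pass = req.getParameter("password");   // assumed form field name

        boolean ok = user != null && pass != null
                && DEMO_USER.equals(user)
                && MessageDigest.isEqual(DEMO_PASS, pass.getBytes(StandardCharsets.UTF_8));
        if (!ok) {
            // Failed logins never touch session state.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Discard the session the browser presented, if any. Its id may have been
        // chosen by someone other than the user, so it must not become authenticated.
        HttpSession presented = req.getSession(false);
        if (presented != null) {
            presented.invalidate();
        }

        // Ask the container for a new session; it issues a fresh id and cookie.
        HttpSession fresh = req.getSession(true);

        // Authentication state is written only to the new session.
        fresh.setAttribute("authenticatedUser", user);

        resp.sendRedirect(req.getContextPath() + "/");
    }
}
```

On Servlet 3.1 and later containers, HttpServletRequest.changeSessionId() achieves the same id rotation while keeping the existing session attributes.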