By exploiting this vulnerability, an attacker may conduct a session
fixation attack. In a session fixation attack, the attacker fixes the
user's session ID before the user even logs into the target server, thereby
eliminating the need to obtain the user's session ID afterwards.
# Bug explanation - Session Fixation Attack/Meta Tag Exploitation:
By injecting a custom HTTP header or by injecting a META tag, it is
possible to alter the cookies stored in the browser. Attackers will
normally manipulate cookie values to fraudulently authenticate themselves
on a web site.
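
The mitigation for the flow described above, as an added example that is not part of the original advisory: a server that honours only session IDs it issued and issues a fresh one at login leaves a pre-set cookie value unauthenticated. `SessionStore` and its methods are hypothetical names, and the session ID in the demo is a constructed sample value.

```python
import secrets


class SessionStore:
    """In-memory session table: session ID -> authenticated user (or None)."""

    def __init__(self, regenerate_on_login):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}

    def open_session(self, presented_id=None):
        """Return the session ID for a request whose cookie carries presented_id."""
        if self.regenerate_on_login:
            # Hardened: only IDs this server issued are honoured.
            if presented_id in self.sessions:
                return presented_id
        elif presented_id is not None:
            # Permissive (vulnerable): adopt whatever ID the cookie carries.
            self.sessions.setdefault(presented_id, None)
            return presented_id
        new_id = secrets.token_urlsafe(32)
        self.sessions[new_id] = None
        return new_id

    def login(self, session_id, user):
        """Authenticate; return the ID the browser must use from now on."""
        if self.regenerate_on_login:
            # Hardened: invalidate the pre-login ID and issue a fresh one.
            self.sessions.pop(session_id, None)
            session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = user
        return session_id

    def user_for(self, session_id):
        return self.sessions.get(session_id)


def fixed_id_is_authenticated(store, planted):
    """Check whether a cookie value set before login (for example through an
    injected header or META tag) is bound to the user after login."""
    sid = store.open_session(planted)   # browser presents the pre-set cookie
    store.login(sid, "alice")           # user authenticates
    return store.user_for(planted) == "alice"


if __name__ == "__main__":
    sample = "constructed-fixed-session-id"  # constructed sample value
    print("permissive:", fixed_id_is_authenticated(SessionStore(False), sample))
    print("hardened:  ", fixed_id_is_authenticated(SessionStore(True), sample))
```

The hardened store also covers the case where the pre-set value is a valid ID the server issued earlier, because `login` discards the pre-login ID.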