Joomla! Session Fixation Vulnerability

Bugtraq ID:	39708
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 23 2010 12:00AM
Updated:	Apr 23 2010 12:00AM
Credit:	Raúl Siles and Steven Pignataro
Vulnerable:	Joomla Joomla 1.5.15 Joomla Joomla 1.5.14 Joomla Joomla 1.5.13 Joomla Joomla 1.5.12 Joomla Joomla 1.5.11 Joomla Joomla 1.5.10 Joomla Joomla 1.5.9 Joomla Joomla 1.5.8 Joomla Joomla 1.5.7 Joomla Joomla 1.5.6 Joomla Joomla 1.5.5 Joomla Joomla 1.5.4 Joomla Joomla 1.5.3 Joomla Joomla 1.5.2 Joomla Joomla 1.5.1 Joomla Joomla 1.5
Not Vulnerable:	Joomla Joomla 1.5.16

Joomla! Session Fixation Vulnerability

Joomla! is prone to a session-fixation vulnerability.

Attackers can exploit this issue to hijack a user's session and gain unauthorized access to the affected application.

Joomla! versions 1.5 through 1.5.15 are affected.

Joomla! Session Fixation Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim into following a malicious URI.

Joomla! Session Fixation Vulnerability

Solution:
Updates are available; please see the references for details.


Joomla Joomla 1.5

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.1

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.10

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.11

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.12

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.13

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.14

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.15

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.2

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.3

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.4

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.5

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.6

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.7

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.8

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla Joomla 1.5.9

• Joomla Joomla_1.5.16-Stable-Full_Package.zip
  http://joomlacode.org/gf/download/frsrelease/12153/49329/Joomla_1.5.16 -Stable-Full_Package.zip

Joomla! Session Fixation Vulnerability

References:

• Joomla! Homepage (Joomla!)