CVE-2007-4438

Ampache <3.3.3.5 - Info Disclosure

Title source: llm

Description

Session fixation vulnerability in Ampache before 3.3.3.5 allows remote attackers to hijack web sessions via unspecified vectors.

References (6)

[Issue Tracking] http://bugs.gentoo.org/show_bug.cgi?id=189607

[Patch, Vendor Advisory] http://secunia.com/advisories/26542

[Third Party Advisory] http://secunia.com/advisories/27253

[Patch] http://www.ampache.org/announce/3_3_3_5.php

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36122

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200710-13.xml

Scores

EPSS 0.0088

EPSS Percentile 75.2%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

ampache/ampache < 3.3.3.4

Timeline

Published Aug 20, 2007

Tracked Since Feb 18, 2026