CVE-2018-1148
First published: Fri May 18 2018(Updated: )
In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.
Credit: vulnreport@tenable.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tenable Nessus | <7.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-1148?
CVE-2018-1148 is a vulnerability in Nessus before version 7.1.0 that allows for session fixation due to insufficient session management within the application.
How does CVE-2018-1148 affect Nessus?
CVE-2018-1148 affects Nessus versions prior to 7.1.0 and allows an authenticated attacker to maintain system access after a user password change.
What is the severity of CVE-2018-1148?
CVE-2018-1148 has a severity rating of 6.5 (Medium).
How can I fix CVE-2018-1148?
To fix CVE-2018-1148, upgrade Nessus to version 7.1.0 or later.
Where can I find more information about CVE-2018-1148?
You can find more information about CVE-2018-1148 at the following references: [SecurityTracker](http://www.securitytracker.com/id/1040918) and [Tenable Security Advisory](https://www.tenable.com/security/tns-2018-05).
- collector/nvd-index
- agent/weakness
- vendor/tenable
- canonical/tenable nessus