CVE-2012-5395 Information

Description

Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6 1.19.x before 1.19.3 and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.

Reference

http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-November/000122.html https://bugzilla.wikimedia.org/show_bug.cgi?id=40962