drupal-6.34-1.AXS3

Description:

Drupal is a free software package that allows an individual or a
community of users to easily publish, manage and organize a wide variety
of content on a website. Tens of thousands of people and organizations
have used Drupal to power scores of different web sites, including

* Community web portals
* Discussion sites
* Corporate web sites
* Intranet applications
* Personal web sites or blogs
* Aficionado sites
* E-commerce applications
* Resource directories
* Social Networking sites

Security issues fixed with this release:

Session hijacking (Drupal 6 and 7)

A specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session.

This attack is known to be possible on certain Drupal 7 sites which serve both HTTP and HTTPS content ("mixed-mode"), but it is possible there are other attack vectors for both Drupal 6 and Drupal 7.

CVE identifier hasn't been requested by Drupal yet.

https://www.drupal.org/SA-CORE-2014-006