2008-10-22 17:00:00
mitre
PUBLISHED
Mantis before 1.1.3 does not unset the session cookie during logout, which makes it easier for remote attackers to hijack sessions.