Rapid7 Nexpose prior to 5.5.4 contains a session hijacking vulnerability which allows remote malicious users to capture a user's session and gain unauthorized access.
rapid7 nexpose