Описание
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-8391
- https://www.exploit-db.com/exploits/37114
- http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html
- http://seclists.org/fulldisclosure/2015/May/95
- http://www.securityfocus.com/archive/1/535592/100/0/threaded
- http://www.sendio.com/software-release-history
Связанные уязвимости
nvd
больше 10 лет назад
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.