CVE-2014-0999

Опубликовано: 02 июн. 2015

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.

Ссылки

http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html
Exploit
http://seclists.org/fulldisclosure/2015/May/95
Exploit
http://www.exploit-db.com/exploits/37114
Exploit
http://www.securityfocus.com/archive/1/535592/100/0/threaded
http://www.sendio.com/software-release-history/
Vendor Advisory
http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html
Exploit
http://seclists.org/fulldisclosure/2015/May/95
Exploit
http://www.exploit-db.com/exploits/37114
Exploit
http://www.securityfocus.com/archive/1/535592/100/0/threaded
http://www.sendio.com/software-release-history/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sendio:sendio:*:*:*:*:*:*:*:*

Версия до 7.2.3 (включая)

EPSS

Процентиль: 94%

0.14481

Средний

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-9rg4-v77r-32p7

github

больше 3 лет назад