Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-4529

Опубликовано: 10 окт. 2012
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5tomcat5Not affected
Red Hat Enterprise Linux 6tomcat6Not affected
Red Hat JBoss BRMS 5jbosswebNot affected
Red Hat JBoss Enterprise Web Server 1tomcat5Not affected
Red Hat JBoss Enterprise Web Server 1tomcat6Not affected
Red Hat JBoss Portal 5jbosswebNot affected
Red Hat JBoss Portal 6jbosswebAffected
Red Hat JBoss SOA Platform 5jbosswebNot affected
Red Hat JBoss Enterprise Application Platform 6.1FixedRHSA-2013:083320.05.2013
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5apache-commons-daemon-eap6FixedRHSA-2013:083920.05.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=868202Web: jsessionid exposed via encoded url when using cookie based session tracking

EPSS

Процентиль: 68%
0.00563
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-4529

ubuntu
больше 12 лет назад

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.

nvd логотип

CVE-2012-4529

nvd
больше 12 лет назад

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.

debian логотип

CVE-2012-4529

debian
больше 12 лет назад

The org.apache.catalina.connector.Response.encodeURL method in Red Hat ...

github логотип

GHSA-jfrq-h23h-p4q6

github
больше 3 лет назад

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.

EPSS

Процентиль: 68%
0.00563
Низкий

4.3 Medium

CVSS2

Уязвимость CVE-2012-4529