CVE-2012-4529
N/A
Description
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.
CVE details
CVSS v3.1 score: N/A
Published: 10/28/2013
Last modified: 4/11/2025
Source: nvd
Honeypot observations: 0
Affected products
redhat:jboss_community_application_server
redhat:jboss_enterprise_application_platform
References
http://ocpsoft.org/support/topic/session-id-is-appended-as-url-path-parameter-in-very-first-request/ (secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2013-0833.html (secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2013-0834.html (secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2013-0839.html (secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2013-1437.html (secalert@redhat.com)
https://issues.jboss.org/browse/JBWEB-249 (secalert@redhat.com)
http://ocpsoft.org/support/topic/session-id-is-appended-as-url-path-parameter-in-very-first-request/ (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0833.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0834.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-0839.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-1437.html (af854a3a-2127-422b-91ae-364da2661108)
https://issues.jboss.org/browse/JBWEB-249 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.