Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP CVE-2012-4529 Vulnerability (CVE-2012-4529)

Description

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.

Remediation

References

Related Vulnerabilities

MySQL CVE-2013-0385 Vulnerability (CVE-2013-0385)

Drupal CVE-2009-3352 Vulnerability (CVE-2009-3352)

Python Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2019-9947)

phpMyFAQ Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-4558)

WordPress Plugin Find My Blocks Information Disclosure (3.3.2)

Severity

Medium

Classification

CVE-2012-4529

Tags

Missing Update Known Vulnerabilities