4 matches found
CVE-2008-2318
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs...
Information disclosure
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs...
CVE-2008-2318
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs...
Apple Xcode WebObjects WOHyperlink信息泄露漏洞
BUGTRAQ ID: 30191 CVECAN ID: CVE-2008-2318 Xcode是苹果机器上所使用的开发工具。 WebObjects中包含有一个API用于通过WOHyperlink动态单元在HTML文档中生成URL。在使用时即使对于绝对URL WOHyperlink也会向所生成的URL附加会话ID,因此使用WOHyperlink创建指向其他站点的URL可能导致向该站点泄露当前用户的会话ID。 Apple XCode 2.0 - 3.0 Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.apple.com...