Lucene search
Ubuntu.comUB:CVE-2012-4529HistoryOct 28, 2013 - 12:00 a.m.
CVE-2012-4529
2013-10-2800:00:00
ubuntu.com
ubuntu.com
16
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.0%
The org.apache.catalina.connector.Response.encodeURL method in Red Hat
JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends
the jsessionid in the URL of the first response of a session, which allows
remote attackers to obtain the session id (1) via a man-in-the-middle
attack or (2) by reading a log.
Notes
| Author | Note |
|---|---|
| ebarretto | only builds a few libraries, not the full application server |
Related
prion
prion
Design/Logic Flaw
2013-10-28 21:55:00
veracode
veracode
Session ID Disclosure
2019-01-15 08:53:23
Authentication Bypass
2019-05-02 04:45:00
cve
cve
CVE-2012-4529
2013-10-28 21:55:00
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2013:0834)
2013-05-21 00:00:00
RHEL 5 : JBoss EAP (RHSA-2013:0839)
2013-05-21 00:00:00
JBoss Enterprise Application Platform 6.1.0 Update (RHSA-2013:0833)
2013-06-24 00:00:00
redhat
redhat
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
68.0%
Related for UB:CVE-2012-4529