4.3
CVE-2012-4529
- EPSS 0.56%
- Veröffentlicht 28.10.2013 21:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Jboss Community Application Server Version <= 7.1.1
Redhat ≫ Jboss Community Application Server Version5.0.0
Redhat ≫ Jboss Community Application Server Version5.0.1
Redhat ≫ Jboss Community Application Server Version5.1.0
Redhat ≫ Jboss Community Application Server Version6.0.0
Redhat ≫ Jboss Community Application Server Version6.1.0
Redhat ≫ Jboss Community Application Server Version7.0.0
Redhat ≫ Jboss Community Application Server Version7.0.1
Redhat ≫ Jboss Community Application Server Version7.0.2
Redhat ≫ Jboss Community Application Server Version7.1.0
Redhat ≫ Jboss Enterprise Application Platform Version6.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.657 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|