4.3
CVE-2012-4529
- EPSS 0.56%
- Published 28.10.2013 21:55:04
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.
Data is provided by the National Vulnerability Database (NVD)
Redhat ≫ Jboss Community Application Server Version <= 7.1.1
Redhat ≫ Jboss Community Application Server Version5.0.0
Redhat ≫ Jboss Community Application Server Version5.0.1
Redhat ≫ Jboss Community Application Server Version5.1.0
Redhat ≫ Jboss Community Application Server Version6.0.0
Redhat ≫ Jboss Community Application Server Version6.1.0
Redhat ≫ Jboss Community Application Server Version7.0.0
Redhat ≫ Jboss Community Application Server Version7.0.1
Redhat ≫ Jboss Community Application Server Version7.0.2
Redhat ≫ Jboss Community Application Server Version7.1.0
Redhat ≫ Jboss Enterprise Application Platform Version6.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.56% | 0.657 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|