Security Advisory

CVE-2012-4529

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2013-10-28 21:00:00

Last updated 2024-08-06 20:42:54

Assigner redhat

State PUBLISHED

Description

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.

← Browse all CVEs View on cve.org ↗