Security Advisory

CVE-2014-0999

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-06-02 14:00:00

Last updated 2024-08-06 09:34:41

Assigner mitre

State PUBLISHED

Description

Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.

← Browse all CVEs View on cve.org ↗