CVE-2012-4529 in JBoss Enterprise Application Platforminfo

Summary

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

08/21/2012

Disclosure

10/28/2013

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
8830	Red Hat JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL information disclosure	200	Not defined	Official fix	CVE-2012-4529

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!