Submeter #558374: 20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 broken function level authorizationinformação

Título20120630 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 broken function level authorization
DescriçãoVulnerability 3 – User Session Leak (CVE-2) Title: User Session Information Disclosed via Unauthenticated Endpoint Details: File: novel-system/src/main/java/com/java2nb/system/controller/SessionController.java Endpoint: GET /list Returns: List<UserOnline> including session IDs, IP addresses, login timestamps. Example Request: curl http://target-ip:port/list Impact: Attackers can retrieve real-time user session data, which could be exploited for social engineering or session hijacking. CWE: CWE-306
Fonte⚠️ https://www.cnblogs.com/aibot/p/18827502
Utilizador
 Anonymous User
Submissão15/04/2025 15h04 (há 1 Ano)
Moderação27/04/2025 19h53 (12 days later)
EstadoDuplicado
Entrada VulDB306368 [20120630 Novel-Plus até 0e156c04b4b7ce0563bef6c97af4476fcda8f160 SessionController.java list Autenticação fraca]
Pontos0

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!