Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jboss EAP Vulnerability - CVE-2012-4529 - Vulnerability Database
Jboss EAP

Jboss EAP Vulnerability - CVE-2012-4529

Medium
Reference: CVE-2012-4529
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-4529
Title: Jboss EAP Vulnerability
Overview:

The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier when the tracking mode is set to COOKIE sends the jsessionid in the URL of the first response of a session which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.