Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Red Hat JBoss Web 会话ID信息泄露漏洞
Vulnerability Description
Red Hat JBoss Web是美国(Red Hat)公司的一款构建在Apache和Tomcat之上的Web服务器,它支持在自定义、轻量级的框架中开发大型网站以及Web应用程序。 Red Hat JBoss Web 7.1.x及之前的版本中的org.apache.catalina.connector.Response.encodeURL方法中存在安全漏洞,该漏洞源于当使用COOKIE会话跟踪方法时,程序在发送会话请求的URL参数中错误的添加jsessionid。远程攻击者可通过实施中间人攻击或读取日志
CVSS Information
N/A
Vulnerability Type
N/A