CVE-2009-5101

Sažetak

Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic.

Reference

http://antisnatchor.com/2009/06/20/pentaho-1701062-multiple-vulnerabilities/
http://jira.pentaho.com/browse/BISERVER-3245
http://www.securityfocus.com/archive/1/507168/100/0/threaded

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

10-10-2018 - 19:49

Objavljeno

13-09-2011 - 19:59