Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session.
References
Configurations
History
21 Nov 2024, 00:09
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/15924 - Vendor Advisory | |
References | () http://secunia.com/secunia_research/2005-68/advisory/ - Vendor Advisory | |
References | () http://www.adobe.com/support/techdocs/322699.html - Vendor Advisory | |
References | () http://www.adobe.com/support/techdocs/331915.html - Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/430869/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/17500 - | |
References | () http://www.vupen.com/english/advisories/2006/1342 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/25773 - |
Information
Published : 2006-04-13 22:02
Updated : 2024-11-21 00:09
NVD link : CVE-2006-1787
Mitre link : CVE-2006-1787
CVE.ORG link : CVE-2006-1787
JSON object : View
Products Affected
adobe
- document_server
CWE