Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.
References
Configurations
History
No history.
Information
Published : 2015-06-02 14:59
Updated : 2024-02-28 15:21
NVD link : CVE-2014-0999
Mitre link : CVE-2014-0999
CVE.ORG link : CVE-2014-0999
JSON object : View
Products Affected
sendio
- sendio
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor