CVE-2014-0999

Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sendio:sendio:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-06-02 14:59

Updated : 2024-02-28 15:21


NVD link : CVE-2014-0999

Mitre link : CVE-2014-0999

CVE.ORG link : CVE-2014-0999


JSON object : View

Products Affected

sendio

  • sendio
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor