Lucene search
MitreCVE-2014-0999HistoryJun 02, 2015 - 2:59 p.m.
CVE-2014-0999
2015-06-0214:59:00
CWE-200
mitre
web.nvd.nist.gov
36
sendio
security
vulnerability
session identifier
leakage
nvd
cve-2014-0999
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.008
Percentile
81.5%
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.
Affected configurations
Node
sendiosendioRange≤7.2.3
Related
nvd
nvd
CVE-2014-0999
2015-06-02 14:59:00
cvelist
cvelist
CVE-2014-0999
2015-06-02 14:00:00
prion
prion
Design/Logic Flaw
2015-06-02 14:59:00
securityvulns
securityvulns
Sendio ESP information disclosure
2015-06-08 00:00:00
[CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability
2015-06-08 00:00:00
zdt
zdt
Sendio ESP Information Disclosure Vulnerability
2015-05-27 00:00:00
exploitpack
exploitpack
Sendio ESP - Information Disclosure
2015-05-26 00:00:00
packetstorm
packetstorm
Sendio ESP Information Disclosure
2015-05-22 00:00:00
openvas
openvas
Sendio ESP Multiple Information Disclosure Vulnerabilities
2015-06-10 00:00:00
coresecurity
coresecurity
Sendio ESP Information Disclosure Vulnerability
2015-05-22 00:00:00
exploitdb
exploitdb
Sendio ESP - Information Disclosure
2015-05-26 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.2
Confidence
Low
EPSS
0.008
Percentile
81.5%
Related for CVE-2014-0999