PT-2005-5396 · Pear · Pear Html Quickform Controller
Jeroen
·
Publicado
2005-12-31
·
Atualizado
2008-09-05
·
CVE-2005-4731
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PEAR HTML QuickForm Controller version 1.0.4
Description
The issue allows remote attackers to obtain the session ID via an HTTP Referer field and possibly other vectors, because the Next action includes the SID in the URL even when session.use only cookies is configured.
Recommendations
For PEAR HTML QuickForm Controller version 1.0.4, consider disabling the use of the SID in URLs as a temporary workaround until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Pear Html Quickform Controller