PT-2006-2778 · Adobe · Adobe Document Server For Reader Extensions

Publicado

2006-04-13

Atualizado

2018-10-18

CVE-2006-1787

CVSS v2.0

2.6

Baixa

Vetor

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Adobe Document Server for Reader Extensions version 6.0

Description The issue allows remote attackers to gain access to PDF files being processed within a user's session. This is due to the inclusion of the user's session ID, specifically the jsession ID, in the HTTP Referer header.

Recommendations For Adobe Document Server for Reader Extensions version 6.0, consider restricting access to the HTTP Referer header to minimize the risk of session ID exposure until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-1787

Produtos afetados

Adobe Document Server For Reader Extensions

PT-2006-2778 · Adobe · Adobe Document Server For Reader Extensions

CVE-2006-1787

Identificadores relacionados

Produtos afetados

Referências · 9