PT-2011-1350 · Pentaho · Pentaho Bi Server

Published: 2011-09-13 · Updated: 2018-10-10 · CVE-2009-5101

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Pentaho BI Server versions 1.7.0.1062 and earlier

Description

The issue allows attackers to obtain the session ID (JSESSIONID) from session history, referer headers, or by sniffing web traffic, as it is included in the URL.

Recommendations

For Pentaho BI Server versions 1.7.0.1062 and earlier, consider configuring the server to no longer include the session ID in the URL to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
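
A defensive check for the exposure described above, as an added example that is not part of the original advisory or of Pentaho's code: it scans web access logs for a JSESSIONID carried in the request URL or the Referer header and reports each hit with the ID masked. The Combined Log Format layout and the sample hosts, paths and ID values are assumptions constructed for this example.

```python
import re

# Assumed layout (Combined Log Format):
# host ident user [time] "METHOD target PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# Servlet containers append the ID as a path parameter (";jsessionid=...");
# it can also appear as an ordinary query parameter.
SID_RE = re.compile(r'(?:;|[?&])jsessionid=([^;?&#/\s"]+)', re.IGNORECASE)


def redact(text):
    """Mask session ID values so the report does not leak them again."""
    return SID_RE.sub(lambda m: m.group(0)[: -len(m.group(1))] + "<redacted>", text)


def find_exposures(lines):
    """Return (line_no, field, redacted_value) for each session ID found in a URL."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not an access-log line in the assumed format
        for field in ("target", "referer"):
            value = m.group(field)
            if SID_RE.search(value):
                findings.append((line_no, field, redact(value)))
    return findings


# Constructed sample lines (hosts, paths and IDs are made up for this example).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Sep/2011:10:00:01 +0000] "GET /pentaho/Home;jsessionid=1A2B3C4D5E6F HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Sep/2011:10:00:05 +0000] "GET /pentaho/Navigate?path=/reports HTTP/1.1" 200 2048 "http://bi.example.test/pentaho/Home;jsessionid=1A2B3C4D5E6F" "Mozilla/5.0"',
    '192.0.2.22 - - [13/Sep/2011:10:01:00 +0000] "GET /pentaho/Home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line_no, field, value in find_exposures(SAMPLE_LOG):
        print(f"line {line_no}: session ID in {field}: {value}")
```

A hit in the Referer field means the ID was passed along with a follow-on request, one of the exposure paths named in the description.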

Exploit

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2009-5101

Affected Products

Pentaho Bi Server