CVE-2011-1839

Name of the Vulnerable Software and Affected Versions IBM Rational Build Forge version 7.1.0

Description The issue allows context-dependent attackers to discover session IDs by reading web-server access logs, web-server Referer logs, or the browser history. This is due to the use of the HTTP GET method during redirection from the authentication servlet to a PHP script.

Recommendations For IBM Rational Build Forge version 7.1.0, consider modifying the authentication process to use a more secure method, such as the HTTP POST method, to prevent session IDs from being logged or stored in the browser history. As a temporary workaround, restrict access to web-server logs and the browser history to minimize the risk of session ID discovery.