PT-2006-2778 · Adobe · Adobe Document Server For Reader Extensions

Published

2006-04-13

Updated

2018-10-18

CVE-2006-1787

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Adobe Document Server for Reader Extensions version 6.0

Description The issue allows remote attackers to gain access to PDF files being processed within a user's session. This is due to the inclusion of the user's session ID, specifically the jsession ID, in the HTTP Referer header.

Recommendations For Adobe Document Server for Reader Extensions version 6.0, consider restricting access to the HTTP Referer header to minimize the risk of session ID exposure until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1787

Affected Products

Adobe Document Server For Reader Extensions

PT-2006-2778 · Adobe · Adobe Document Server For Reader Extensions

CVE-2006-1787

Related Identifiers

Affected Products

References · 9