Magnolia / MAGNOLIA-3556

Session Identifier Not Updated

Details

    • Bug
    • Resolution: Duplicate
    • Critical
    • 4.3.9, 4.4.3
    • None
    • None
    • None

    Description

      This bug was discovered by an automated penetration test executed by IBM Rational AppScan.

      Details (copied from Security Report):

      Severity: High
      Test Type: Application
      Vulnerable URL: http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html
      Remediation Tasks: Do not accept externally created session identifiers

              People

                ochytil Ondrej Chytil
                dlipp Daniel Lipp