Uploaded image for project: 'Magnolia'
  1. Magnolia
  2. MAGNOLIA-3556

Session Identifier Not Updated

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Critical Critical
    • 4.3.9, 4.4.3
    • None
    • None
    • None

      This bug was discovered by an automated penetration test executed by IBM Rational AppScan.

      Details (copied from Security Report):

      Severity: High
      Test Type: Application
      Vulnerable URL: http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html
      Remediation Tasks: Do not accept externally created session identifiers

        Acceptance criteria

              ochytil Ondrej Chytil
              dlipp Daniel Lipp
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Bug DoR
                  Task DoD