[MAGNOLIA-3556] Session Identifier Not Updated Created: 22/Feb/11  Updated: 11/Apr/11  Resolved: 24/Mar/11

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: 4.3.9, 4.4.3

Type: Bug Priority: Critical
Reporter: Daniel Lipp Assignee: Ondrej Chytil
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
duplicate
duplicates MAGNOLIA-3248 Magnolia should invalidate any existi... Closed
relation
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

This bug was discovered by an automated penetration test executed by IBM Rational AppScan.

Details (copied from Security Report):

Severity: High
Test Type: Application
Vulnerable URL: http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html
Remediation Tasks: Do not accept externally created session identifiers



 Comments   
Comment by Ondrej Chytil [ 24/Mar/11 ]

Fixed with MAGNOLIA-3248.

Generated at Mon Feb 12 03:47:35 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.