[magnolia-dev] [JIRA] Created: (MAGNOLIA-3556) Session Identifier Not Updated

JIRA (on behalf of Daniel Lipp) Tue, 22 Feb 2011 00:06:46 -0800

Session Identifier Not Updated
------------------------------

                 Key: MAGNOLIA-3556
                 URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3556
             Project: Magnolia
          Issue Type: Bug
            Reporter: Daniel Lipp
            Assignee: Boris Kraft
            Priority: Major



This bug was discovered by an automated penetration test executed by IBM 
Rational AppScan.

Details (copied from Security Report):
 
Severity:       High 
Test Type:      Application 
Vulnerable URL: 
http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html 
Remediation Tasks:      Do not accept externally created session identifiers

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------

[magnolia-dev] [JIRA] Created: (MAGNOLIA-3556) Session Identifier Not Updated

Reply via email to