[
http://jira.magnolia-cms.com/browse/MAGNOLIA-3556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Philipp Bärfuss updated MAGNOLIA-3556:
--------------------------------------
Assignee: Ondřej Chytil (was: Boris Kraft)
Fix Version/s: 4.4.3
Priority: Critical (was: Major)
> Session Identifier Not Updated
> ------------------------------
>
> Key: MAGNOLIA-3556
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3556
> Project: Magnolia
> Issue Type: Bug
> Reporter: Daniel Lipp
> Assignee: Ondřej Chytil
> Priority: Critical
> Fix For: 4.3.x, 4.4.3
>
>
> This bug was discovered by an automated penetration test executed by IBM
> Rational AppScan.
> Details (copied from Security Report):
>
> Severity: High
> Test Type: Application
> Vulnerable URL:
> http://ccd02-01:8080/magnoliaPublic/.magnolia/pages/adminCentral.html
> Remediation Tasks: Do not accept externally created session identifiers
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
