Required CVE Record Information
Description
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.
References 5 Total
- seclists.org: 20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability mailing-list
- http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html
- securityfocus.com: 20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability mailing-list
- exploit-db.com: 37114 exploit
- http://www.sendio.com/software-release-history/
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- seclists.org: 20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability mailing-listx_transferred
- http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html x_transferred
- securityfocus.com: 20150522 [CORE-2015-0010] - Sendio ESP Information Disclosure Vulnerability mailing-listx_transferred
- exploit-db.com: 37114 exploitx_transferred
- http://www.sendio.com/software-release-history/ x_transferred