Jboss Community Application Server
Monthly
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.