BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
CVE-2012-6494 - Nexpose Security Console - Session Hijacking Jan 03 2013 09:06PM
i (at) amroot (dot) com [email concealed] (i amroot com)
Product: Nexpose Security Console
Vendor: Rapid7
Version: < 5.5.3
Tested Version: 5.5.1
Vendor Notified Date: December 19, 2012
Release Date: January 2, 2013
Risk: Medium
Authentication: Access to logs required.
Remote: Yes

Description:
Due to a flaw in the way the Nexpose Security Console logs ses...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus