• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sun Java System Web And Application Server Remote Session Disclosure Vulnerability

A remote session disclosure vulnerability affects the Sun Java System Web and Application Servers. This issue is due to a design error that may cause sessions IDs to be revealed.

This issue may be exploited to steal session IDs from unsuspecting users and gain access to their current sessions. Reportedly only sessions that do not require authentication are affected by this issue.