• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apple Xcode WebObjects 'WOHyperlink' Information Disclosure Vulnerability

Apple WebObjects is prone to an information-disclosure vulnerability when generating URIs for HTML documents.

To exploit this issue an affected application would have to contain a URI to an arbitrary website that an attacker has control of or on which the attacker can view activity logs. Harvested session ID data can aid in attacks.

Versions of WebObjects that are affected are currently unspecified, however those included in Xcode versions prior to 3.1 are affected.