Description
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs.
Affected products
- Apple / Xcode 1.5 – 1.5
- Apple / Xcode 2.2 – 2.2
- Apple / xcode_tools 3.0
- Apple / xcode_tools 1.0 – 1.0
- Apple / xcode_tools 2.0 – 2.0
- Apple / xcode_tools 2.1 – 2.1
- Apple / xcode_tools 2.2.1 – 2.2.1
- Apple / xcode_tools 2.3 – 2.3
- Apple / xcode_tools 2.4 – 2.4
- Apple / xcode_tools 2.4.1 – 2.4.1
- Apple / xcode_tools 2.5 – 2.5
References
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/43735
- MISC: http://www.securitytracker.com/id?1020473
- MISC: http://www.securityfocus.com/bid/30191
- MAILING_LIST: http://lists.apple.com/archives/security-announce//2008/Jul/msg00002.html
- VENDOR_ADVISORY: http://support.apple.com/kb/HT2352
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2008/2093/references
- VENDOR_ADVISORY: http://secunia.com/advisories/31060