CVE-2008-2318Sensitive Information Exposure in Apple Xcode Tools

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.5%
top 35.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Xcode ToolsApple Xcode
Timeline
PublishedJul 14
Latest updateMay 1

Description

The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDapple/xcode1.5, 2.2+1

🔴Vulnerability Details

2
GHSA
GHSA-j5gp-2w8h-r25r: The WOHyperlink implementation in WebObjects in Apple Xcode tools before 32022-05-01
CVEList
CVE-2008-2318: The WOHyperlink implementation in WebObjects in Apple Xcode tools before 32008-07-14
CVE-2008-2318 — Sensitive Information Exposure in Apple | cvebase