Session ID Exposure in Adobe Document Server for Reader Extensions
CVE-2006-1787

Currently unrated

Key Information:

Vendor: Adobe
Status: Document Server
Vendor: CVE Published:; 13 April 2006

Summary

Adobe Document Server for Reader Extensions 6.0 has a vulnerability that includes a user's session ID in the HTTP Referer header. This design flaw can be exploited by remote attackers, allowing unauthorized access to PDF files that are being processed within the affected session. As a result, sensitive information may be inadvertently disclosed, raising significant security concerns for users handling confidential PDF documents.

References

http://www.securityfocus.com/archive/1/430869/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.adobe.com/support/techdocs/331915.html

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/25773

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Apr 13, 2006
Vulnerability Reserved
Apr 13, 2006