CVE-2003-1312 Information

Description

siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL which might allow remote attackers to obtain the ID by sniffing reading Referer logs or other methods.

Reference

http://curl.haxx.se/mail/archive-2003-05/0172.html [curl-users] 20030529 Re: https redirection and authentication using POST http://www.osvdb.org/30741