CVE-2014-8391

Sendio < 7.2.3 - Authenticated Session Information Exposure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8391. PoCs published by Core Security.

AI-analyzed exploit summary: The exploit demonstrates an information disclosure vulnerability in Sendio ESP, where session identifiers are exposed in URLs and sensitive data can be leaked due to improper session handling. The provided Python script automates the detection of response mixup issues by comparing content lengths.

Description

The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Core Security · text · webapps · jsp
https://www.exploit-db.com/exploits/37114

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Sendio ESP 6 (14.1120.0)
Auth required
Prerequisites: Valid session identifier (jsessionid) · Access to the target Sendio ESP web interface
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/May/95
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535592/100/0/threaded
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37114/
Vendor Advisory x_refsource_confirm
http://www.sendio.com/software-release-history/

Scores

EPSS: 0.0546
EPSS Percentile: 91.7%

Details

CWE: CWE-200
Status: published
Products (1): sendio/sendio < 7.2.3
Published: Jun 02, 2015
Tracked Since: Feb 18, 2026