Referer Exposes Session ID
- Risk: Medium
- Type: Passive
- CWE: 200
- Summary: A hyperlink pointing to another host name was found. Because the session ID is carried in the URL (session ID URL rewriting), it may be disclosed to external hosts in the Referer header.
- Solution: This is a risk if the session ID is sensitive and the hyperlink refers to an external or third-party host. For secure content, put the session ID in a secured session cookie.
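The condition described in the summary can be checked offline against a captured page. The following is an added example, not the scanner's own code: the session parameter names, the host names and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed session-token names used by URL rewriting; extend for your stack.
SESSION_RE = re.compile(
    r"[;?&](jsessionid|phpsessid|sid|sessionid)=[^;?&#/]+", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect (href, rel tokens) for every <a> element in a page."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            rel = (attrs.get("rel") or "").lower().split()
            self.links.append((attrs["href"], rel))


def referer_leaks(page_url, html):
    """Return external link targets that could receive page_url as Referer."""
    if not SESSION_RE.search(page_url):
        return []  # no session ID in the URL, nothing to disclose
    page_host = urlsplit(page_url).hostname
    collector = LinkCollector()
    collector.feed(html)
    leaks = []
    for href, rel in collector.links:
        target = urlsplit(urljoin(page_url, href))  # resolve relative links
        if target.scheme not in ("http", "https"):
            continue  # mailto:, javascript: and similar send no Referer
        if target.hostname == page_host:
            continue  # same host: not an external disclosure
        if "noreferrer" in rel:
            continue  # rel=noreferrer asks the browser to omit Referer
        leaks.append(target.geturl())
    return leaks


# Constructed sample input (hypothetical hosts and session value).
SAMPLE_URL = "https://shop.example.test/account;jsessionid=ABC123?view=orders"
SAMPLE_HTML = ('<a href="/help">Help</a>'
               '<a href="https://partner.example.net/offer">Offer</a>')

if __name__ == "__main__":
    print(referer_leaks(SAMPLE_URL, SAMPLE_HTML))
```

An empty result for a page whose URL still carries a session ID only means no external link was found on that page; the solution above still applies.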