CVE-2008-2318
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs.
Date published : 2008-07-14
http://lists.apple.com/archives/security-announce//2008/Jul/msg00002.html