CVE-2001-1545
First published: Mon Dec 31 2001(Updated: )
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe JRun | =3.1 | |
| Adobe JRun | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-1545?
CVE-2001-1545 is considered a high severity vulnerability due to its potential for session hijacking.
How do I fix CVE-2001-1545?
To fix CVE-2001-1545, it is recommended to upgrade to a newer version of JRun that does not append session identifiers to URLs.
What types of systems are affected by CVE-2001-1545?
CVE-2001-1545 affects Macromedia JRun versions 3.0 and 3.1.
What are the risks associated with CVE-2001-1545?
The primary risk associated with CVE-2001-1545 is the unauthorized access to user sessions due to exposed session IDs.
Can CVE-2001-1545 be exploited remotely?
Yes, CVE-2001-1545 can be exploited remotely by attackers who can intercept or manipulate HTTP referrer fields.
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/macromedia
- canonical/adobe jrun
- version/adobe jrun/3.1
- version/adobe jrun/3.0