First published: Fri Dec 31 2004(Updated: )
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Hitachi Cosminexus Enterprise | =01_01_1 | |
Hitachi Cosminexus Enterprise | =01_02_2 | |
Hitachi Cosminexus Enterprise | =01_01_1 | |
Macromedia JRun | =3.1 | |
Macromedia JRun | =3.0 | |
Macromedia ColdFusion | =6.1 | |
Macromedia ColdFusion | =6.0 | |
Hitachi Cosminexus Server | =web_01-01_2 | |
Hitachi Cosminexus Server | =web_01-01_1 | |
Macromedia JRun | =4.0 | |
Macromedia ColdFusion | =6.1 | |
Hitachi Cosminexus Enterprise | =01_02_2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.