Session Fixation Vulnerability in JRun 4.0 by Macromedia
CVE-2004-1478

Currently unrated

Key Information:

Vendor: Hitachi
Status: Cosminexus Enterprise; Jrun; Coldfusion; Cosminexus Server
Vendor: CVE Published:; 31 December 2004

Summary

JRun 4.0 is vulnerable due to improper handling of the JSESSIONID, which allows remote attackers to perform session fixation attacks. By exploiting this flaw, attackers can hijack an active user's HTTP session, potentially gaining unauthorized access to sensitive information and applications that the user has permissions to. It is essential for users of JRun 4.0 to apply necessary patches and mitigations to secure their sessions from these types of threats.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17481

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=109621995623823&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/11245

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Feb 13, 2005
Vulnerability published
Dec 31, 2004