CVE-2004-1478

Currently unrated

Key Information:

Vendor: Hitachi
Status: Cosminexus Enterprise; Jrun; Coldfusion; Cosminexus Server
Vendor: CVE Published:; 31 December 2004

Summary

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17481

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=109621995623823&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/11245

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Feb 13, 2005
Vulnerability published
Dec 31, 2004