CVE Vulnerabilities

CVE-2004-1478

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.

Affected Software

Name                   Vendor      Start Version            End Version
Cosminexus_enterprise  Hitachi     01_01_1 (including)      01_01_1 (including)
Cosminexus_enterprise  Hitachi     01_02_2 (including)      01_02_2 (including)
Cosminexus_server      Hitachi     web_01-01_1 (including)  web_01-01_1 (including)
Cosminexus_server      Hitachi     web_01-01_2 (including)  web_01-01_2 (including)
Coldfusion             Macromedia  6.0 (including)          6.0 (including)
Coldfusion             Macromedia  6.1 (including)          6.1 (including)
Jrun                   Macromedia  3.0 (including)          3.0 (including)
Jrun                   Macromedia  3.1 (including)          3.1 (including)
Jrun                   Macromedia  4.0 (including)          4.0 (including)

References