CVE-2004-1478 | Vulnerability Database | Aqua Security

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a users HTTP session.

Affected Software

Name	Vendor	Start Version	End Version
Cosminexus_enterprise	Hitachi	01_01_1 (including)	01_01_1 (including)
Cosminexus_enterprise	Hitachi	01_02_2 (including)	01_02_2 (including)
Cosminexus_server	Hitachi	web_01-01_1 (including)	web_01-01_1 (including)
Cosminexus_server	Hitachi	web_01-01_2 (including)	web_01-01_2 (including)
Coldfusion	Macromedia	6.0 (including)	6.0 (including)
Coldfusion	Macromedia	6.1 (including)	6.1 (including)
Jrun	Macromedia	3.0 (including)	3.0 (including)
Jrun	Macromedia	3.1 (including)	3.1 (including)
Jrun	Macromedia	4.0 (including)	4.0 (including)

References

http://marc.info/?l=bugtraq\u0026m=109621995623823\u0026w=2
http://secunia.com/advisories/12638/
http://www.kb.cert.org/vuls/id/584958
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
http://www.securityfocus.com/bid/11245
https://exchange.xforce.ibmcloud.com/vulnerabilities/17481

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1478
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html