Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2004-1478
Last Modified 05 Sep 2008 04:41:30
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1478

Summary

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.

Vulnerable Systems

Application

  • Hitachi Cosminexus Enterprise 01 01 1

  • Hitachi Cosminexus Enterprise 01 02 2

  • Hitachi Cosminexus Server Web 01-01 1

  • Hitachi Cosminexus Server Web 01-01 2

  • Macromedia ColdFusion 6.0

  • Macromedia ColdFusion 6.1

  • Macromedia JRun 3.0

  • Macromedia JRun 3.1

  • Macromedia JRun 4.0


References

CERT-VN - VU#584958

XF - jrun-jsessionid-hijack(17481)

BID - 11245

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html

SECUNIA - 12638

BUGTRAQ - 20040923 New Macromedia Security Zone Bulletins Posted


Last Updated: 27 May 2016 10:39:02