Vulnerability in Macromedia Jrun
CVE-2001-1545
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
EPSS: 0.014 (68.4th percentile) — read the EPSS interpretation.
Affected products
- Macromedia Jrun — versions 3.0, 3.1
- N/a — versions n/a
References
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (Patch, vdb-entry, x_refsource_BID)