Vulnerability in Hitachi Cosminexus_enterprise
CVE-2004-1478
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
EPSS: 0.034 (87.3th percentile)
Affected products
- Hitachi Cosminexus_enterprise — versions 01_01_1, 01_02_2
- Hitachi Cosminexus_server — versions web_01-01_1, web_01-01_2
- Macromedia ColdFusion — versions 6.0, 6.1
- Macromedia JRun — versions 3.0, 3.1, 4.0