Auth bypass in Macromedia Jrun

CVE-2004-2182

Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.

Vulnerability class: Broken Authentication

EPSS: 0.012 (65.4th percentile) — read the EPSS interpretation.

Affected products

Macromedia Jrun — versions 4.0, 4.0_build_61650
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (vendor-advisory, x_refsource_ALLAIRE)