Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
References
Link | Resource |
---|---|
http://www.iss.net/security_center/static/7679.php | |
http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full | Patch Vendor Advisory |
http://www.securityfocus.com/bid/3665 | Patch |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2001-12-31 05:00
Updated : 2024-02-04 16:31
NVD link : CVE-2001-1545
Mitre link : CVE-2001-1545
CVE.ORG link : CVE-2001-1545
JSON object : View
Products Affected
macromedia
- jrun
CWE