Macromedia JRun 3.0 and 3.1 append the jsessionid to URL requests (a.k.a. URL rewriting) even when client browsers have cookies enabled, which allows remote malicious users to obtain session IDs and hijack sessions via HTTP Referer fields or sniffing.
Vulnerable Product |
---|
macromedia jrun 3.0 |
macromedia jrun 3.1 |