JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote malicious users to perform a session fixation attack and hijack a user's HTTP session.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hitachi cosminexus enterprise 01_02_2 |
||
hitachi cosminexus server web_01-01_1 |
||
macromedia jrun 4.0 |
||
hitachi cosminexus server web_01-01_2 |
||
macromedia coldfusion 6.0 |
||
macromedia coldfusion 6.1 |
||
hitachi cosminexus enterprise 01_01_1 |
||
macromedia jrun 3.0 |
||
macromedia jrun 3.1 |