Adobe ColdFusion 8 and MX 7 allows remote malicious users to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe coldfusion 8.0 |
||
adobe coldfusion 7.0 |