Adobe ColdFusion 8 and MX 7 allows remote malicious users to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
adobe coldfusion 8.0 |
||
adobe coldfusion 7.0 |
Vulmon