Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.iss.net/security_center/static/7679.php - | |
References | () http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full - Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/3665 - Patch |
Information
Published : 2001-12-31 05:00
Updated : 2024-11-20 23:37
NVD link : CVE-2001-1545
Mitre link : CVE-2001-1545
CVE.ORG link : CVE-2001-1545
JSON object : View
Products Affected
macromedia
- jrun
CWE