Vulnerability Details CVE-2001-1545
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.iss.net/security_center/static/7679.php
- http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full
- http://www.securityfocus.com/bid/3665
- http://www.iss.net/security_center/static/7679.php
- http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full
- http://www.securityfocus.com/bid/3665
Products affected by CVE-2001-1545
-
cpe:2.3:a:macromedia:jrun:3.0
-
cpe:2.3:a:macromedia:jrun:3.1