Lucene search

[email protected]CVE-2001-1545

HistoryDec 31, 2001 - 5:00 a.m.

CVE-2001-1545

2001-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-1545

macromedia jrun 3.0

macromedia jrun 3.1

session hijack

jsessionid

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.5%

JSON

Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.

CPENameOperatorVersion
macromedia:jrunmacromedia jruneq3.1
macromedia:jrunmacromedia jruneq3.0

CPE	Name	Operator	Version
macromedia:jrun	macromedia jrun	eq	3.1
macromedia:jrun	macromedia jrun	eq	3.0

References

www.iss.net/security_center/static/7679.php

www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full

www.securityfocus.com/bid/3665

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for CVE-2001-1545

cvelist1