Lucene search

[email protected]CVE-2004-2182

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2182

2004-12-3105:00:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2004-2182

session fixation

macromedia jrun 4.0

vulnerability

remote attackers

user sessions

session server

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.5%

JSON

Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.

CPENameOperatorVersion
macromedia:jrunmacromedia jruneq4.0
macromedia:jrunmacromedia jruneq4.0_build_61650

CPE	Name	Operator	Version
macromedia:jrun	macromedia jrun	eq	4.0
macromedia:jrun	macromedia jrun	eq	4.0_build_61650

References

www.macromedia.com/devnet/security/security_zone/mpsb04-08.html

www.securityfocus.com/bid/11414

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.5%

JSON

Related for CVE-2004-2182

nessus1