CVE-2001-1545

2005-07-1404:00:00

mitre

www.cve.org

cve-2001-1545

macromedia jrun

url rewriting

remote attackers

session hijacking

http referrer

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

74.3%

JSON

Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.

References

www.iss.net/security_center/static/7679.php

www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full

www.securityfocus.com/bid/3665