Impact
An arbitrary script may be executed in the browser of the administrator logged into Adobe JRun. In addition, if session information from a cookie is leaked, a remote attacker could possibly conduct session hijacking.
Solution
Products Affected
- Adobe JRun 4.0
- ColdFusion MX 6.1 Enterprise (with J2EE installed and JRun 4.0 deployed)
- ColdFusion MX 7.0 Enterprise (with the Multi-Server option installed)
Note: ColdFusion MX 6.1 and 7.0 Standard Edition are not affected. For more information, refer to the vendor’s website.