CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
83.6%
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user’s HTTP session.
Vendor | Product | Version | CPE |
---|---|---|---|
hitachi | cosminexus_enterprise | 01_01_1 | cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:* |
hitachi | cosminexus_enterprise | 01_01_1 | cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:standard:*:*:*:*:* |
hitachi | cosminexus_enterprise | 01_02_2 | cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:enterprise:*:*:*:*:* |
hitachi | cosminexus_enterprise | 01_02_2 | cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:standard:*:*:*:*:* |
hitachi | cosminexus_server | web_01-01_1 | cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:* |
hitachi | cosminexus_server | web_01-01_2 | cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2:*:*:*:*:*:*:* |
macromedia | coldfusion | 6.0 | cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:* |
macromedia | coldfusion | 6.1 | cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:* |
macromedia | coldfusion | 6.1 | cpe:2.3:a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:* |
macromedia | jrun | 3.0 | cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:* |