CVE-2007-5905
Adobe ColdFusion 8 and ColdFusion MX 7 are affected by a remote session-fixation vulnerability. The issue arises when established sessions in a ColdFusion application can be hijacked if CFID/CFTOKEN cookies are empty, enabling an attacker to impersonate a user. The CVE-2007-5905 entry lists these...