exploitDog

CVE-2001-1513

Опубликовано: 31 дек. 2001

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx.

Ссылки

http://www.iss.net/security_center/static/7680.php
Patch
http://www.macromedia.com/v1/handlers/index.cfm?ID=22260&Method=Full
Patch
Vendor Advisory
http://www.securityfocus.com/bid/3600
http://www.iss.net/security_center/static/7680.php
Patch
http://www.macromedia.com/v1/handlers/index.cfm?ID=22260&Method=Full
Patch
Vendor Advisory
http://www.securityfocus.com/bid/3600

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.0831

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-wvm3-vf48-23c8

github

почти 4 года назад

Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx.

EPSS

Процентиль: 92%

0.0831

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other