exploitDog

CVE-2001-1545

Опубликовано: 31 дек. 2001

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.

Ссылки

http://www.iss.net/security_center/static/7679.php
http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full
Patch
Vendor Advisory
http://www.securityfocus.com/bid/3665
Patch
http://www.iss.net/security_center/static/7679.php
http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full
Patch
Vendor Advisory
http://www.securityfocus.com/bid/3665
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00387

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-gj42-9mvq-cfm7

github

больше 3 лет назад

Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.

EPSS

Процентиль: 59%

0.00387

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other