exploitDog

CVE-2005-2306

Опубликовано: 19 июл. 2005

Источник: nvd

CVSS2: 3.7

EPSS Низкий

Описание

Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.

Ссылки

http://secunia.com/advisories/16081
Patch
Vendor Advisory
http://securitytracker.com/id?1014489
http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html
Patch
http://secunia.com/advisories/16081
Patch
Vendor Advisory
http://securitytracker.com/id?1014489
http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*

cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 3%

0.00016

Низкий

3.7 Low

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-qh97-rp8g-749f

github

почти 4 года назад

Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.

EPSS

Процентиль: 3%

0.00016

Низкий

3.7 Low

CVSS2

Дефекты

NVD-CWE-Other