Описание
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*
cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.0543
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
github
почти 4 года назад
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
EPSS
Процентиль: 90%
0.0543
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-255