CVE-2001-1545

Sažetak

Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.

Reference

http://www.iss.net/security_center/static/7679.php
http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full
http://www.securityfocus.com/bid/3665

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

05-09-2008 - 20:26

Objavljeno

31-12-2001 - 05:00