Vulnerability Description
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macromedia | Jrun | 3.0 |
References
- http://www.iss.net/security_center/static/7679.php
- http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=FullPatchVendor Advisory
- http://www.securityfocus.com/bid/3665Patch
- http://www.iss.net/security_center/static/7679.php
- http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=FullPatchVendor Advisory
- http://www.securityfocus.com/bid/3665Patch
FAQ
What is CVE-2001-1545?
CVE-2001-1545 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions...
How severe is CVE-2001-1545?
CVE-2001-1545 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1545?
Check the references section above for vendor advisories and patch information. Affected products include: Macromedia Jrun.