Vulnerability Description
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Macromedia | ColdFusion | 6.1 |
| Macromedia | JRun | 4.0 |
References
- http://secunia.com/advisories/16081 (Patch, Vendor Advisory)
- http://securitytracker.com/id?1014489
- http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html (Patch)
FAQ
What is CVE-2005-2306?
CVE-2005-2306 is a vulnerability with a CVSS score of 3.7 (LOW). Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated us...
How severe is CVE-2005-2306?
CVE-2005-2306 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2005-2306?
Check the references section above for vendor advisories and patch information. Affected products include: Macromedia ColdFusion, Macromedia JRun.