Info

Disclosure

Sep 23, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

JRun Server contains a flaw related to the generation of JESSIONIDs that may allow an attacker to steal a victim's session resulting in a loss of integrity. No further details have been provided.

Classification

Location: Remote / Network Access
Impact: Loss of Integrity
Exploit: Exploit Rumored
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Macromedia has released a set of patches to address this vulnerability.

Products

Macromedia, Inc.	JRun	4.0
		3.x

References

Security Tracker: 1011404
Related OSVDB ID: 10239 10240 10241
Bugtraq ID: 11245
Secunia Advisory ID: 12638
CVE ID: 2004-1478 (see also: NVD)
CERT VU: 584958
Keyword: ASPR #2004-10-14-2-PUB
Other Advisory URL: http://www.acrossecurity.com/aspr/ASPR-2004-10-14-2-PUB.txt
Vendor URL: http://www.macromedia.com/
Vendor Specific Advisory URL: http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html

Credit

@Stake Advisories - advisoriesatstake.com - @Stake, Inc.

Direct URL: http://osvdb.org/10238

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Macromedia, Inc.

JRun

References

Credit