CVE-2001-1545

3 documents3 sources
Severity
5.0MEDIUM
EPSS
0.4%
top 40.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Macromedia Jrun
Timeline
PublishedDec 31
Latest updateApr 30

Description

Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmacromedia/jrun3.0, 3.1+1

Patches

Patch: www.macromedia.comPatch: www.securityfocus.comPatch: www.macromedia.com

🔴Vulnerability Details

2
GHSA
GHSA-gj42-9mvq-cfm7: Macromedia JRun 32022-04-30
CVEList
CVE-2001-1545: Macromedia JRun 32005-07-14
CVE-2001-1545 (MEDIUM CVSS 5) | Macromedia JRun 3.0 and 3.1 appends | cvebase.io