Lucene search

MitreCVE-2004-2182

HistoryJul 10, 2005 - 4:00 a.m.

CVE-2004-2182

2005-07-1004:00:00

CWE-287

mitre

web.nvd.nist.gov

cve-2004-2182

session fixation

macromedia jrun 4.0

vulnerability

remote attackers

user sessions

session server

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.008

Percentile

82.2%

JSON

Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.

Affected configurations

Nvd

Node

macromediajrunMatch4.0

macromediajrunMatch4.0sp1

macromediajrunMatch4.0sp1a

macromediajrunMatch4.0_build_61650

VendorProductVersionCPE
macromediajrun4.0cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*
macromediajrun4.0cpe:2.3:a:macromedia:jrun:4.0:sp1:*:*:*:*:*:*
macromediajrun4.0cpe:2.3:a:macromedia:jrun:4.0:sp1a:*:*:*:*:*:*
macromediajrun4.0_build_61650cpe:2.3:a:macromedia:jrun:4.0_build_61650:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
macromedia	jrun	4.0	cpe:2.3:a:macromedia:jrun:4.0:::::::*
macromedia	jrun	4.0	cpe:2.3:a:macromedia:jrun:4.0:sp1::::::
macromedia	jrun	4.0	cpe:2.3:a:macromedia:jrun:4.0:sp1a::::::
macromedia	jrun	4.0_build_61650	cpe:2.3:a:macromedia:jrun:4.0_build_61650:::::::*

References

www.macromedia.com/devnet/security/security_zone/mpsb04-08.html

www.securityfocus.com/bid/11414

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.008

Percentile

82.2%

JSON

Related for CVE-2004-2182