Lucene search

MitreCVE-2005-2306

HistoryJul 19, 2005 - 4:00 a.m.

CVE-2005-2306

2005-07-1904:00:00

mitre

web.nvd.nist.gov

cve-2005-2306

macromedia jrun

coldfusion

privilege escalation

race condition

authentication token

nvd

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

20.8%

JSON

Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.

Affected configurations

Nvd

Node

macromediacoldfusionMatch6.1

macromediacoldfusionMatch7.0

macromediajrunMatch4.0

VendorProductVersionCPE
macromediacoldfusion6.1cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
macromediacoldfusion7.0cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*
macromediajrun4.0cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
macromedia	coldfusion	6.1	cpe:2.3:a:macromedia:coldfusion:6.1:::::::*
macromedia	coldfusion	7.0	cpe:2.3:a:macromedia:coldfusion:7.0:::::::*
macromedia	jrun	4.0	cpe:2.3:a:macromedia:jrun:4.0:::::::*

References

secunia.com/advisories/16081

securitytracker.com/id?1014489

www.macromedia.com/devnet/security/security_zone/mpsb05-05.html

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

20.8%

JSON

Related for CVE-2005-2306