JRun 4.0 Session Fixation Vulnerability

JRun 4.0 Session Fixation Vulnerability

CVE-2004-1478 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.

Learn more about our User Device Pen Test.