CVE-2001-1545

Published: Dec 31, 2001Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.

Affected (2)

Products: Macromedia: Jrun

Macromedia

1 product

Jrun

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Macromedia Jrun	Version 3.0
Macromedia Jrun	Version 3.1

References (6)

http://www.iss.net/security_center/static/7679.php

Source: cve@mitre.org

http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/3665

Source: cve@mitre.org

Patch

http://www.iss.net/security_center/static/7679.php

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.macromedia.com/v1/handlers/index.cfm?ID=22291&Method=Full

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/3665

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.