Category:   Application (Web Server/CGI)  >   Adobe ColdFusion
Vendors:   Macromedia
Macromedia ColdFusion May Generate Duplicate Authentication Tokens in Certain Cases
SecurityTracker Alert ID:  1014490
SecurityTracker URL:  http://securitytracker.com/id/1014490
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 15 2005
Impact:   User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6.1, 7.0
Description:   A vulnerability was reported in Macromedia ColdFusion MX. A remote authenticated user may be able to obtain session information from another user.

Under high load situations, the target server may assign the same authentication token to two different sessions. In this case, two remote authenticated users may be able to share information from a single user session.

The vendor indicates that this occurs rarely and cannot be triggered by a remote user.

The vendor credits Greg Ball from the University of Virginia with reporting this vulnerability.

Impact:   A remote authenticated user may be able to obtain session information belonging to another user.
Solution:   The vendor has issued a fix for JRun 4.0 (the flaw resides in the JRun component), available at:

http://download.macromedia.com/pub/security/mpsb05-05.zip

Vendor URL:  www.macromedia.com/devnet/security/security_zone/mpsb05-05.html
Cause:   Authentication error, State error
Underlying OS:  Linux (Any), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (XP)
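
A defensive check for the condition described above, as an added example that is not part of the advisory or the vendor's fix: it scans application logs for an authentication token presented by more than one authenticated user. The log format, field names and sample lines are constructed assumptions, not ColdFusion or JRun output.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical application log format:
#   <timestamp> user=<login or -> token=<auth/session token> ip=<client address>
# In a real deployment, log a hash of the token rather than the token itself.
SAMPLE_LOG = """\
2005-07-15T10:00:01 user=alice token=a1f3 ip=192.0.2.10
2005-07-15T10:00:02 user=bob token=9c2e ip=192.0.2.11
2005-07-15T10:00:03 user=alice token=a1f3 ip=192.0.2.77
2005-07-15T10:00:04 user=carol token=9c2e ip=192.0.2.12
2005-07-15T10:00:05 user=- token=77aa ip=192.0.2.13
malformed line that should be skipped
2005-07-15T10:00:06 user=bob token=9c2e ip=192.0.2.11
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) token=(?P<token>\S+) ip=(?P<ip>\S+)$"
)


def find_shared_tokens(log_text):
    """Return {token: {user: first_seen_timestamp}} for every token that was
    presented by more than one distinct authenticated user."""
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        # Skip unparsable lines and unauthenticated requests (user "-").
        if not m or m["user"] == "-":
            continue
        # Record only the first time each user presented this token.
        seen[m["token"]].setdefault(m["user"], m["ts"])
    # One user on several client addresses is normal; several users on one
    # token is the duplicate-token condition the advisory describes.
    return {tok: users for tok, users in seen.items() if len(users) > 1}


if __name__ == "__main__":
    for tok, users in find_shared_tokens(SAMPLE_LOG).items():
        who = ", ".join(f"{u} (first seen {ts})" for u, ts in users.items())
        print(f"token {tok} shared by: {who}")
```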

Message History:   None.

