Category:   Application (Web Server/CGI)  >   Adobe ColdFusion
Vendors:   Macromedia
Macromedia ColdFusion May Generate Duplicate Authentication Tokens in Certain Cases
SecurityTracker Alert ID:  1014490
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 15 2005
Impact:   User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 6.1, 7.0
Description:   A vulnerability was reported in Macromedia ColdFusion MX. A remote authenticated user may be able to obtain session information from another user.

Under high load, the target server may assign the same authentication token to two different sessions. When this happens, two remote authenticated users may be able to share information from a single user session.

The vendor indicates that this occurs rarely and cannot be triggered by a remote user.

The vendor credits Greg Ball from the University of Virginia with reporting this vulnerability.

Impact:   A remote authenticated user may be able to obtain session information belonging to another user.
Solution:   The vendor has issued a fix for JRun 4.0 (the flaw resides in the JRun component), available at:

Vendor URL: (Links to External Site)
Cause:   Authentication error, State error
Underlying OS:  Linux (Any), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (XP)
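
A defender-side check for the condition described above, as an added example that is not part of the original advisory or the vendor's code: it scans application records for one authentication token that appears with more than one authenticated user. The record format, field order and sample data are constructed assumptions, not ColdFusion or JRun log output.

```python
# Constructed sample records (assumed format, not real ColdFusion/JRun output):
#   <timestamp> <authenticated user> <client IP> <session token>
SAMPLE_LOG = """\
2005-07-15T10:00:01 alice 10.0.0.5 tok-7f3a
2005-07-15T10:00:02 bob 10.0.0.9 tok-91c2
2005-07-15T10:00:02 carol 10.0.0.7 tok-7f3a
2005-07-15T10:00:03 alice 10.0.0.5 tok-7f3a
malformed line
2005-07-15T10:00:04 bob 10.0.0.12 tok-91c2
"""


def parse(line):
    """Split one record into (timestamp, user, ip, token); None if malformed."""
    parts = line.split()
    return tuple(parts) if len(parts) == 4 else None


def find_shared_tokens(log_text):
    """Map each token seen with more than one user to (users, first_conflict).

    The check is keyed on the authenticated user, not the client IP: one user
    reusing a token from a new address is normal, while a second user
    presenting the same token is the condition the advisory describes.
    """
    owners = {}    # token -> first user seen with it
    findings = {}  # token -> users involved and time of first conflict
    for line in log_text.splitlines():
        record = parse(line)
        if record is None:
            continue  # skip malformed records instead of failing the scan
        timestamp, user, _ip, token = record
        owner = owners.setdefault(token, user)
        if user != owner:
            hit = findings.setdefault(
                token, {"users": {owner}, "first_conflict": timestamp})
            hit["users"].add(user)
    return {token: (sorted(hit["users"]), hit["first_conflict"])
            for token, hit in findings.items()}


if __name__ == "__main__":
    for token, (users, when) in find_shared_tokens(SAMPLE_LOG).items():
        print(f"{token}: shared by {', '.join(users)} (first conflict {when})")
```

The first-conflict timestamp can be compared against server load at that moment, since the advisory ties the duplicate assignment to high load.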

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]
