CVE-2004-2182

Name of the Vulnerable Software and Affected Versions Macromedia JRun version 4.0

Description A session fixation issue allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.

Recommendations For Macromedia JRun version 4.0, consider regenerating session IDs after a user logs in to prevent session fixation attacks. As a temporary workaround, restrict access to sensitive areas of the application until a more permanent fix can be applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.