PT-2005-3233 · Macromedia · ColdFusion MX +1

Published: 2005-07-19 · Updated: 2008-09-05 · CVE-2005-2306

CVSS v2.0: 3.7 (Low)
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Macromedia JRun version 4.0; ColdFusion MX versions 6.1 through 7.0
Description: A race condition occurs in the affected software under heavy load, causing the assignment of a duplicate authentication token to multiple sessions. This could allow authenticated users to gain privileges as other users.
Recommendations: For Macromedia JRun version 4.0, update to a version that is not affected by this issue. For ColdFusion MX versions 6.1 through 7.0, update to a version that is not affected by this issue. As a temporary workaround, consider implementing measures to reduce the load on the system to minimize the risk of exploitation.

Fix

Related Identifiers

CVE-2005-2306

Affected Products

ColdFusion MX
Macromedia JRun