Vulnerabilities > CVE-2005-2306 - Local Security vulnerability in Macromedia Coldfusion and Jrun

CVSS 3.7 - LOW

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

high complexity

macromedia

NVD

Published: 2005-07-19

Updated: 2008-09-05

Summary

Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.

Vulnerable Configurations

Part	Description	Count
Application	Macromedia Macromedia Coldfusion 6.1 Macromedia Coldfusion 7.0 Macromedia Jrun 4.0	3

References

http://secunia.com/advisories/16081
http://securitytracker.com/id?1014489
http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html