VYPR
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026

CVE-2004-1478

CVE-2004-1478

Description

JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

13
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:*+ 3 more
    • cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:standard:*:*:*:*:*
    • cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:enterprise:*:*:*:*:*
    • cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:standard:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:*
    • cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2:*:*:*:*:*:*:*
  • cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*
  • Macromedia/Jrun4 versions
    cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*
    • (no CPE)range: = 4.0

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.