Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026
CVE-2004-1478
CVE-2004-1478
Description
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
Affected products
12cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:*+ 3 more
- cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:enterprise:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:enterprise:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:*:standard:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2:*:*:*:*:*:*:*
cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:coldfusion:6.1:*:j2ee_application_server:*:*:*:*:*
cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:macromedia:jrun:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:jrun:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- secunia.com/advisories/12638/nvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/584958nvdPatchThird Party AdvisoryUS Government Resource
- www.macromedia.com/devnet/security/security_zone/mpsb04-08.htmlnvdPatch
- www.securityfocus.com/bid/11245nvdPatch
- marc.infonvd
- exchange.xforce.ibmcloud.com/vulnerabilities/17481nvd
News mentions
0No linked articles in our index yet.