Unrated severityNVD Advisory· Published Nov 15, 2007· Updated Jun 16, 2026
CVE-2007-5905
CVE-2007-5905
Description
Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions via unspecified vectors that trigger establishment of a session to a ColdFusion application in which the (1) CFID or (2) CFTOKEN cookies have empty values, possibly due to a session fixation vulnerability.
Affected products
4cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
8News mentions
0No linked articles in our index yet.