VYPR
Unrated severityNVD Advisory· Published Aug 18, 2009· Updated Jun 16, 2026

CVE-2009-1878

CVE-2009-1878

Description

Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

Affected products

22
  • cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*+ 21 more
    • cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*range: <=8.0.1
    • cpe:2.3:a:adobe:coldfusion:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:6.0:*:enterprise_multi-server:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:6.0:*:enterprise_server:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:6.0:*:linux:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:6.0:*:solaris:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:6.1:*:enterprise_multi-server:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:6.1:*:enterprise_server:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:6.1:*:linux:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:6.1:*:solaris:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:7.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:7.0:*:enterprise_multi-server:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:7.0:*:enterprise_server:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:7.0:*:linux:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:7.0:*:solaris:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:7.2:unknown:mx:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:adobe:coldfusion:8.1:*:*:*:*:*:*:*
    • (no CPE)range: <=8.0.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.