>> Adobe ColdFusion CFID and CFTOKEN Session Hijacking Vulnerability
Title : Adobe ColdFusion CFID and CFTOKEN Session Hijacking Vulnerability VUPEN ID : VUPEN/ADV-2007-3859 CVE ID : CVE-2007-5905
Rated as : Low Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-11-14
Technical Description
A vulnerability has been identified in Adobe ColdFusion, which could be exploited by attackers to hijack user sessions. This issue is caused by an implementation error with an application built with ColdFusion, which could allow attackers to conduct session hijacking for applications utilizing CFID or CFTOKEN.
Note: This issue does not affect J2EE session management.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
