>> Adobe ColdFusion CFID and CFTOKEN Session Hijacking Vulnerability
Title : Adobe ColdFusion CFID and CFTOKEN Session Hijacking Vulnerability VUPEN ID : VUPEN/ADV-2007-3859 CVE ID : CVE-2007-5905
Rated as : Low Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-11-14
Technical Description
A vulnerability has been identified in Adobe ColdFusion, which could be exploited by attackers to hijack user sessions. This issue is caused by an implementation error with an application built with ColdFusion, which could allow attackers to conduct session hijacking for applications utilizing CFID or CFTOKEN.
Note: This issue does not affect J2EE session management.
