CVE-2005-2306 : Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under hea

Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.

Published 2005-07-19 04:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2005-2306

Macromedia » Jrun » Version: 4.0
cpe:2.3:a:macromedia:jrun:4.0:*:*:*:*:*:*:*
Matching versions
Macromedia » Coldfusion » Version: 6.1
cpe:2.3:a:macromedia:coldfusion:6.1:*:*:*:*:*:*:*
Matching versions
Macromedia » Coldfusion » Version: 7.0
cpe:2.3:a:macromedia:coldfusion:7.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-2306

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 2 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-2306

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.7	LOW	AV:L/AC:H/Au:N/C:P/I:P/A:P	1.9	6.4	NIST
Access Vector: Local Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-2306

http://www.macromedia.com/devnet/security/security_zone/mpsb05-05.html

Patch
http://secunia.com/advisories/16081

Patch;Vendor Advisory
http://securitytracker.com/id?1014489

Jump to

Vulnerability Details : CVE-2005-2306

Products affected by CVE-2005-2306

Exploit prediction scoring system (EPSS) score for CVE-2005-2306

CVSS scores for CVE-2005-2306

References for CVE-2005-2306