2005-07-14 04:00:00
mitre
PUBLISHED
Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing / (slash), as demonstrated using ctx.