Description: A vulnerability has been reported in Adobe ColdFusion, which potentially can be exploited by malicious people to hijack user sessions.
The vulnerability is caused due to an unspecified error when using CFID or CFTOKEN and can be exploited to e.g. hijack a user's session on an application built using ColdFusion.
NOTE: This vulnerability does not affect customers using J2EE session management.
The vulnerability affects ColdFusion MX 7 and ColdFusion 8.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
