MPSB05-05 – Security Patch available for JRun 4.0 token collision

(Security Bulletin) Under high load, JRun may generate two sessions with the same authentication token. This cannot be controlled by an attacker and it occurs very rarely, but it may cause two authenticated users to share information from a single user session.

Comments are closed.