(Security Bulletin) Under high load, JRun may generate two sessions with the same authentication token. This cannot be controlled by an attacker and it occurs very rarely, but it may cause two authenticated users to share information from a single user session.
By dmorris
Comments (0)
Created
July 15, 2005