• info
• discussion
• exploit
• solution
• references

Macromedia JRun Session ID Cookie HTTP Response Splitting Vulnerability

No exploit is required to leverage this issue.