Secunia

Community Login

Customer Login

Partner Login

Overview

Advisories

Research

Forums

Create Profile

Our Commitment

Database

Advisories by Product

Advisories by Vendor

Terminology

Report Vulnerability

Insecure Library Loading

Secunia Advisory SA12638

Macromedia JRun Server Multiple Vulnerabilities

Secunia Advisory

SA12638

Get alerted and manage the vulnerability life cycle

Release Date

2004-09-24

Last Update

2005-02-15

Popularity

26,329 views

Comments

0 comments

Criticality level

Moderately critical

Impact

Hijacking
Cross Site Scripting
Exposure of sensitive information
DoS
System access

Where

From remote

Authentication level

Available in Customer Area

Report reliability

Available in Customer Area

Solution Status

Vendor Patch

Systems affected

Available in Customer Area

Approve distribution

Available in Customer Area

Software:

Macromedia Jrun 3.x

Macromedia Jrun 4.x

Secunia CVSS Score

Available in Customer Area

CVE Reference(s)

CVE-2004-0646 CVSS available in Customer Area
CVE-2004-1477 CVSS available in Customer Area
CVE-2004-1478 CVSS available in Customer Area
CVE-2004-1479 CVSS available in Customer Area

Description

Multiple vulnerabilities have been reported in JRun Server, which can be exploited by malicious people to hijack an authenticated user's session, conduct cross-site scripting attacks, disclose sensitive information, and cause a DoS (Denial of Service).

1) An implementation error in the generation and handling of JSESSIONIDs can be exploited to hijack an authenticated user's session.

This vulnerability affects version 4.0.

2) A cross-site scripting and session handling vulnerability in the JRun Management Console can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site, or hijack an authenticated user's session.

This vulnerability affects version 4.0.

3) An URL parsing error can e.g. be exploited to show the source of any file such as script files inside the web root by appending ";.cfm" to the end of an URL.

This vulnerability affects version 4.0.

NOTE: This vulnerability only affects the Microsoft IIS connector.

4) A boundary error in the mod_jrun Apache module within the "WriteToLog()" function can be exploited to cause a buffer overflow via certain overly long headers (e.g. the "Content-Type" header).

Successful exploitation allows execution of arbitrary code, but requires that "verbose" debug mode is enabled for the JRun web server connectors (not enabled by default).

The vulnerability has been reported in version 3.0, 3.1, and 4.0.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
1) @Stake
2) Acros
3+4) iDEFENSE

Changelog
Further details available in Customer Area

Original Advisory
Macromedia:
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html

iDEFENSE:
http://www.idefense.com/application/poi/display?id=145&type=vulnerabilities

ACROS Security:
http://www.acrossecurity.com/aspr/ASPR-2004-10-14-1-PUB.txt
http://www.acrossecurity.com/aspr/ASPR-2004-10-14-2-PUB.txt
http://www.acrossecurity.com/aspr/ASPR-2004-10-14-3-PUB.txt

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Macromedia JRun Server Multiple Vulnerabilities

No posts yet

Secunia

Secunia Advisory SA12638

Macromedia JRun Server Multiple Vulnerabilities

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?