Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2004-0646
Last Modified: 05 Sep 2008 04:38:59
Published: 23 Dec 2004 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0646

Summary

Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.

Vulnerable Systems

Application

  • Macromedia ColdFusion 6.0
  • Macromedia ColdFusion 6.1
  • Macromedia JRun 3.0
  • Macromedia JRun 3.1
  • Macromedia JRun 4.0

References

CERT-VN - VU#990200

XF - coldfusion-jrun-verbose-bo(17485)

BID - 11245

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html

BUGTRAQ - 20040929 iDEFENSE Security Advisory 09.29.04 - Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability

CONFIRM - http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html

SECUNIA - 12647


Last Updated: 27 May 2016 10:38:42