Vendor: SAINT Corporation
ID: SAINT:E082A8B9056BFDC73ACA39B057341A40
Published: Dec 10, 2005 - 12:00 a.m.

JRun mod_jrun WriteToLog buffer overflow

Source: download.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.082 Low
Percentile: 94.3%

Added: 12/10/2005
CVE: CVE-2004-0646
BID: 11245
OSVDB: 10546

Background

Macromedia JRun is a J2EE application server. mod_jrun is an Apache module which enables the use of JRun applications through an Apache web server.

Problem

A buffer overflow vulnerability in mod_jrun and mod_jrun20 allows a remote attacker to execute arbitrary commands on the web server if verbose logging is enabled.

Resolution

Apply the patch referenced in Macromedia Security Bulletin 04-08.

References

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=145&type=vulnerabilities

Limitations

Exploit works on JRun 4 SP1a with verbose logging enabled.

Platforms

Windows 2000
Windows XP / Windows XP SP1
Windows XP SP2
Windows Server 2003
Red Hat / Linux
CentOS
