ID CVE-2004-0928
Summary The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
References
Vulnerable Configurations
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:-:enterprise
    cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:-:enterprise
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:-:standard
    cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:-:standard
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:-:enterprise
    cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:-:enterprise
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:-:standard
    cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:-:standard
  • cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1
    cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1
  • cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2
    cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2
  • Macromedia ColdFusion 6.0
    cpe:2.3:a:macromedia:coldfusion:6.0
  • Macromedia ColdFusion MX 6.1
    cpe:2.3:a:macromedia:coldfusion:6.1
  • Macromedia JRun 3.0
    cpe:2.3:a:macromedia:jrun:3.0
  • Macromedia JRun 3.1
    cpe:2.3:a:macromedia:jrun:3.1
  • Macromedia JRun 4.0
    cpe:2.3:a:macromedia:jrun:4.0
CVSS
Base: 5.0 (as of 17-06-2005 - 13:44)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family Web Servers
NASL id JRUN_MULTIPLE_FLAWS.NASL
description The remote host is running JRun, a J2EE application server running on top of IIS or Apache. There are multiple flaws in the remote version of this software : - The JSESSIONID variable is not implemented securely. An attacker may use this flaw to guess the session id number of other users. Only JRun 4.0 is affected. - There is a code disclosure issue that may allow an attacker to obtain the contents of a .cfm file by appending ';.cfm' to the file name. Only the Microsoft IIS connector and JRun 4.0 are affected. - There is a buffer overflow vulnerability if the server connector is configured in 'verbose' mode. An attacker may exploit this flaw to execute arbitrary code on the remote host.
last seen 2019-02-21
modified 2018-07-12
plugin id 14810
published 2004-09-24
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=14810
title JRun Multiple Vulnerabilities (OF, XSS, ID, Hijacking)
refmap via4
bid 11245
bugtraq 20040923 New Macromedia Security Zone Bulletins Posted
cert-vn VU#977440
confirm
idefense 20041005 ColdFusion MX 6.1 on IIS File Contents Disclosure
secunia
  • 12638
  • 12647
xf coldfusion-jrun-restriction-bypass(17484)
saint via4
bid 11245
description JRun mod_jrun WriteToLog buffer overflow
osvdb 10546
title jrun_writetolog_bo
type remote
Last major update 17-10-2016 - 22:49
Published 05-10-2004 - 00:00
Last modified 10-07-2017 - 21:30
Back to Top