ID CVE-2004-1477
Summary Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.
References
Vulnerable Configurations
  • Macromedia JRun 3.0
    cpe:2.3:a:macromedia:jrun:3.0
  • Macromedia JRun 3.1
    cpe:2.3:a:macromedia:jrun:3.1
  • Macromedia JRun 4.0
    cpe:2.3:a:macromedia:jrun:4.0
CVSS
Base: 4.3 (as of 28-06-2005 - 11:31)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
nessus via4
NASL family Web Servers
NASL id JRUN_MULTIPLE_FLAWS.NASL
description The remote host is running JRun, a J2EE application server running on top of IIS or Apache. There are multiple flaws in the remote version of this software:
  - The JSESSIONID variable is not implemented securely. An attacker may use this flaw to guess the session id number of other users. Only JRun 4.0 is affected.
  - There is a code disclosure issue that may allow an attacker to obtain the contents of a .cfm file by appending ';.cfm' to the file name. Only the Microsoft IIS connector and JRun 4.0 are affected.
  - There is a buffer overflow vulnerability if the server connector is configured in 'verbose' mode. An attacker may exploit this flaw to execute arbitrary code on the remote host.
last seen 2019-01-16
modified 2018-07-12
plugin id 14810
published 2004-09-24
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=14810
title JRun Multiple Vulnerabilities (OF, XSS, ID, Hijacking)
refmap via4
bid 11245
bugtraq 20040923 New Macromedia Security Zone Bulletins Posted
cert-vn VU#668206
confirm http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
secunia 12638
xf jrun-management-console-xss(17483)
saint via4
bid 11245
description JRun mod_jrun WriteToLog buffer overflow
osvdb 10546
title jrun_writetolog_bo
type remote
Last major update 17-10-2016 - 22:54
Published 31-12-2004 - 00:00
Last modified 10-07-2017 - 21:31