ID CVE-2004-1478
Summary JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
References
Vulnerable Configurations
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:-:enterprise
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_01_1:-:standard
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:-:enterprise
  • cpe:2.3:a:hitachi:cosminexus_enterprise:01_02_2:-:standard
  • cpe:2.3:a:hitachi:cosminexus_server:web_01-01_1
  • cpe:2.3:a:hitachi:cosminexus_server:web_01-01_2
  • Macromedia ColdFusion 6.0
    cpe:2.3:a:macromedia:coldfusion:6.0
  • Macromedia ColdFusion MX 6.1
    cpe:2.3:a:macromedia:coldfusion:6.1
  • cpe:2.3:a:macromedia:coldfusion:6.1:-:j2ee_application_server
  • Macromedia JRun 3.0
    cpe:2.3:a:macromedia:jrun:3.0
  • Macromedia JRun 3.1
    cpe:2.3:a:macromedia:jrun:3.1
  • Macromedia JRun 4.0
    cpe:2.3:a:macromedia:jrun:4.0
CVSS
Base: 7.5 (as of 28-06-2005 - 12:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
NASL family Web Servers
NASL id JRUN_MULTIPLE_FLAWS.NASL
description The remote host is running JRun, a J2EE application server running on top of IIS or Apache. There are multiple flaws in the remote version of this software:
  - The JSESSIONID variable is not implemented securely. An attacker may use this flaw to guess the session id number of other users. Only JRun 4.0 is affected.
  - There is a code disclosure issue that may allow an attacker to obtain the contents of a .cfm file by appending ';.cfm' to the file name. Only the Microsoft IIS connector and JRun 4.0 are affected.
  - There is a buffer overflow vulnerability if the server connector is configured in 'verbose' mode. An attacker may exploit this flaw to execute arbitrary code on the remote host.
last seen 2019-01-16
modified 2018-07-12
plugin id 14810
published 2004-09-24
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=14810
title JRun Multiple Vulnerabilities (OF, XSS, ID, Hijacking)
refmap via4
bid 11245
bugtraq 20040923 New Macromedia Security Zone Bulletins Posted
cert-vn VU#584958
confirm http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
secunia 12638
xf jrun-jsessionid-hijack(17481)
saint via4
bid 11245
description JRun mod_jrun WriteToLog buffer overflow
osvdb 10546
title jrun_writetolog_bo
type remote
Last major update 17-10-2016 - 22:54
Published 31-12-2004 - 00:00
Last modified 10-07-2017 - 21:31