var-200703-0122
Vulnerability from variot
Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. The IIS connector in Adobe JRun and ColdFusion MX contains a vulnerability that results in a denial-of-service (DoS) condition. A third party may be able to cause a denial of service (DoS). Adobe JRun is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects Microsoft IIS 6 installations running JRun 4 Updater 6.
TITLE: Adobe JRun IIS 6 Connector Denial of Service
SECUNIA ADVISORY ID: SA24488
VERIFY ADVISORY: http://secunia.com/advisories/24488/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE: From remote
SOFTWARE:
- Adobe ColdFusion MX 7.x http://secunia.com/product/4984/
- Macromedia ColdFusion MX 6.x http://secunia.com/product/864/
- Macromedia Jrun 4.x http://secunia.com/product/863/
DESCRIPTION: A vulnerability has been reported in Adobe JRun, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within JRun's IIS connector when handling certain requests for resources. This can be exploited via e.g. requesting a file within the web root and then performing certain actions.
The vulnerability is reported in the following products with IIS 6:
- JRun 4 Updater 6
- Adobe ColdFusion MX 7.0 Enterprise Edition, if installed as the "Multi-Server" option
- Adobe ColdFusion MX 6.1 Enterprise, if installed with the "J2EE" option and deployed on JRun 4.0 Updater 6
Adobe ColdFusion MX 6.1 and 7.0 Standard editions are not affected by this issue.
SOLUTION: Apply hotfix (see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: The vendor credits Shoji Kamiichi, NEC.
ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb07-07.html
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200703-0122", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "coldfusion", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "6.1" }, { "model": "jrun", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "4.0" }, { "model": "coldfusion", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "7.0" }, { "model": "coldfusion", 
"scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "mx mx 6.1 and 7.0 enterprise" }, { "model": "jrun", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "4.0 updater 6" }, { "model": "iis", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "6" }, { "model": "iis", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "6.0" }, { "model": "jrun updater", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "4.06" }, { "model": "coldfusion mx enterprise", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "7.0" }, { "model": "coldfusion mx enterprise", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "6.1" } ], "sources": [ { "db": "BID", "id": "22958" }, { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "CNNVD", "id": "CNNVD-200703-412" }, { "db": "NVD", "id": "CVE-2007-1278" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:adobe:coldfusion", "vulnerable": true }, { "cpe22Uri": "cpe:/a:adobe:jrun", "vulnerable": true }, { "cpe22Uri": "cpe:/a:microsoft:iis", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001655" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Shoji Kamiichi", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-412" } ], "trust": 0.6 }, "cve": "CVE-2007-1278", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2007-1278", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2007-1278", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2007-1278", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-200703-412", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "CNNVD", "id": "CNNVD-200703-412" }, { "db": "NVD", "id": "CVE-2007-1278" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root. Adobe JRun and ColdFusion MX of IIS Connector has a service disruption (DoS) There is a vulnerability that becomes a condition.Service disruption by a third party (DoS) There is a possibility of being put into a state. 
Adobe JRun is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions. \nAn attacker can exploit this issue to crash the affected application, denying service to legitimate users. \nThis issue affects Microsoft IIS 6 installations running JRun 4 Updater 6. \n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe JRun IIS 6 Connector Denial of Service\n\nSECUNIA ADVISORY ID:\nSA24488\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24488/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nAdobe ColdFusion MX 7.x\nhttp://secunia.com/product/4984/\nMacromedia ColdFusion MX 6.x\nhttp://secunia.com/product/864/\nMacromedia Jrun 4.x\nhttp://secunia.com/product/863/\n\nDESCRIPTION:\nA vulnerability has been reported in Adobe JRun, which potentially\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to an error within JRun\\x92s IIS\nconnector when handling certain requests for resources. This can be\nexploited via e.g. requesting a file within the web root and then\nperforming certain actions. \n\nThe vulnerability is reported in the following products with IIS 6:\n* JRun 4 Updater 6\n* Adobe ColdFusion MX 7.0 Enterprise Edition, if installed as the\n\"Multi-Server\" option\n* Adobe ColdFusion MX 6.1 Enterprise, if installed with the \"J2EE\"\noption and deployed on JRun 4.0 Updater 6\n\nAdobe ColdFusion MX 6.1 and 7.0 Standard editions are not affected by\nthis issue. 
\n\nSOLUTION:\nApply hotfix (see the vendor\u0027s advisory for details). \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Shoji Kamiichi, NEC. \n\nORIGINAL ADVISORY:\nAdobe:\nhttp://www.adobe.com/support/security/bulletins/apsb07-07.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2007-1278" }, { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "BID", "id": "22958" }, { "db": "PACKETSTORM", "id": "55081" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2007-1278", "trust": 2.7 }, { "db": "BID", "id": "22958", "trust": 1.9 }, { "db": "SECUNIA", "id": "24488", "trust": 1.7 }, { "db": "VUPEN", "id": "ADV-2007-0932", "trust": 1.6 }, { "db": "SECTRACK", "id": "1017752", "trust": 1.6 }, { "db": "OSVDB", "id": "34039", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2007-001655", "trust": 0.8 }, { "db": "CNNVD", "id": 
"CNNVD-200703-412", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "55081", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "22958" }, { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "PACKETSTORM", "id": "55081" }, { "db": "CNNVD", "id": "CNNVD-200703-412" }, { "db": "NVD", "id": "CVE-2007-1278" } ] }, "id": "VAR-200703-0122", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 1.0 }, "last_update_date": "2024-11-23T23:13:20.402000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB07-07", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb07-07.html" }, { "title": "Microsoft IIS", "trust": 0.8, "url": "http://www.iis.net/" }, { "title": "Adobe ColdFusion and Adobe JRun IIS connector Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94516" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "CNNVD", "id": "CNNVD-200703-412" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "NVD", "id": "CVE-2007-1278" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { 
"trust": 2.0, "url": "http://www.adobe.com/support/security/bulletins/apsb07-07.html" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32994" }, { "trust": 1.6, "url": "http://secunia.com/advisories/24488" }, { "trust": 1.6, "url": "http://www.vupen.com/english/advisories/2007/0932" }, { "trust": 1.6, "url": "http://osvdb.org/34039" }, { "trust": 1.6, "url": "http://www.securitytracker.com/id?1017752" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/22958" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1278" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1278" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/864/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/24488/" }, { "trust": 0.1, "url": "http://secunia.com/disassembling_og_reversing/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_vacancies/" }, { "trust": 0.1, "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/" }, { "trust": 0.1, "url": "http://secunia.com/product/4984/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/product/863/" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" } ], "sources": [ { "db": "BID", "id": "22958" }, { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "PACKETSTORM", "id": "55081" }, { "db": "CNNVD", "id": "CNNVD-200703-412" }, { "db": "NVD", "id": "CVE-2007-1278" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "22958" }, { "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "db": "PACKETSTORM", "id": "55081" }, { "db": "CNNVD", "id": "CNNVD-200703-412" }, { "db": "NVD", "id": 
"CVE-2007-1278" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-13T00:00:00", "db": "BID", "id": "22958" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "date": "2007-03-17T02:22:27", "db": "PACKETSTORM", "id": "55081" }, { "date": "2007-03-16T00:00:00", "db": "CNNVD", "id": "CNNVD-200703-412" }, { "date": "2007-03-16T20:19:00", "db": "NVD", "id": "CVE-2007-1278" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2007-03-14T20:04:00", "db": "BID", "id": "22958" }, { "date": "2012-06-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2007-001655" }, { "date": "2019-07-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200703-412" }, { "date": "2024-11-21T00:27:56.350000", "db": "NVD", "id": "CVE-2007-1278" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-412" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe JRun and ColdFusion MX of IIS Service disruption in connectors (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2007-001655" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-200703-412" } ], "trust": 0.6 } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.