
Test ID: 1.3.6.1.4.1.25623.1.0.14810
Category: Gain a shell remotely
Title: Macromedia JRun Multiple Vulnerabilities
Summary: NOSUMMARY
Description:

The remote host is running JRun, a J2EE application server running on top
of IIS or Apache.

There are multiple flaws in the remote version of this software :

- The JSESSIONID variable is not implemented securely. An attacker may
use this flaw to guess the session id number of other users.

- There is a code disclosure issue which may allow an attacker to obtain
the contents of a .cfm file by appending '
.cfm' to the file name

- There is a buffer overflow vulnerability if the server connector is
configured in 'verbose' mode. An attacker may exploit this flaw to
execute arbitrary code on the remote host.

See also :
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html


Solution : Upgrade to the newest version of this software
Risk factor : High

Cross-reference: BugTraq ID: 11245
Common Vulnerability Exposure (CVE) ID: CVE-2004-1478
http://www.securityfocus.com/bid/11245
Bugtraq: 20040923 New Macromedia Security Zone Bulletins Posted
http://marc.info/?l=bugtraq&m=109621995623823&w=2
CERT/CC vulnerability note: VU#584958
http://www.kb.cert.org/vuls/id/584958
http://secunia.com/advisories/12638/
XForce ISS Database: jrun-jsessionid-hijack(17481)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17481
Common Vulnerability Exposure (CVE) ID: CVE-2004-1477
CERT/CC vulnerability note: VU#668206
http://www.kb.cert.org/vuls/id/668206
XForce ISS Database: jrun-management-console-xss(17483)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17483
Common Vulnerability Exposure (CVE) ID: CVE-2004-0928
CERT/CC vulnerability note: VU#977440
http://www.kb.cert.org/vuls/id/977440
http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities
http://secunia.com/advisories/12647/
XForce ISS Database: coldfusion-jrun-restriction-bypass(17484)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17484
Common Vulnerability Exposure (CVE) ID: CVE-2004-0646
Bugtraq: 20040929 iDEFENSE Security Advisory 09.29.04 - Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/377194
CERT/CC vulnerability note: VU#990200
http://www.kb.cert.org/vuls/id/990200
XForce ISS Database: coldfusion-jrun-verbose-bo(17485)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17485
Copyright: This script is Copyright (C) 2004 Tenable Network Security

© 1998-2024 E-Soft Inc. All rights reserved.