
Test ID: 1.3.6.1.4.1.25623.1.0.14810
Category: Gain a shell remotely
Title: Macromedia JRun Multiple Vulnerabilities
Summary: NOSUMMARY
Description:

The remote host is running JRun, a J2EE application server running on top
of IIS or Apache.

There are multiple flaws in the remote version of this software :

- The JSESSIONID variable is not implemented securely. An attacker may
use this flaw to guess the session id number of other users.

- There is a code disclosure issue which may allow an attacker to obtain
the contents of a .cfm file by appending '
.cfm' to the file name

- There is a buffer overflow vulnerability if the server connector is
configured in 'verbose' mode. An attacker may exploit this flaw to
execute arbitrary code on the remote host.

See also :
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html


Solution : Upgrade to the newest version of this software
Risk factor : High

Cross Reference: BugTraq ID: 11245
Common Vulnerability Exposure (CVE) ID: CVE-2004-1478
http://www.securityfocus.com/bid/11245
Bugtraq: 20040923 New Macromedia Security Zone Bulletins Posted (Google Search)
http://marc.info/?l=bugtraq&m=109621995623823&w=2
CERT/CC vulnerability note: VU#584958
http://www.kb.cert.org/vuls/id/584958
http://secunia.com/advisories/12638/
XForce ISS Database: jrun-jsessionid-hijack(17481)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17481
Common Vulnerability Exposure (CVE) ID: CVE-2004-1477
CERT/CC vulnerability note: VU#668206
http://www.kb.cert.org/vuls/id/668206
XForce ISS Database: jrun-management-console-xss(17483)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17483
Common Vulnerability Exposure (CVE) ID: CVE-2004-0928
CERT/CC vulnerability note: VU#977440
http://www.kb.cert.org/vuls/id/977440
http://www.idefense.com/application/poi/display?id=148&type=vulnerabilities
http://secunia.com/advisories/12647/
XForce ISS Database: coldfusion-jrun-restriction-bypass(17484)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17484
Common Vulnerability Exposure (CVE) ID: CVE-2004-0646
Bugtraq: 20040929 iDEFENSE Security Advisory 09.29.04 - Macromedia JRun 4 mod_jrun Apache Module Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/377194
CERT/CC vulnerability note: VU#990200
http://www.kb.cert.org/vuls/id/990200
XForce ISS Database: coldfusion-jrun-verbose-bo(17485)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17485
Copyright: This script is Copyright (C) 2004 Tenable Network Security

© 1998-2024 E-Soft Inc. All rights reserved.