CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile: 94.4%
Added: 12/10/2005
CVE: CVE-2004-0646
BID: 11245
OSVDB: 10546
Macromedia JRun is a J2EE application server. mod_jrun is an Apache module which enables the use of JRun applications through an Apache web server.
A buffer overflow vulnerability in mod_jrun and mod_jrun20 allows a remote attacker to execute arbitrary commands on the web server if verbose logging is enabled.
Apply the patch referenced in Macromedia Security Bulletin 04-08.
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=145&type=vulnerabilities
Exploit works on JRun 4 SP1a with verbose logging enabled.
Windows 2000
Windows XP / Windows XP SP1
Windows XP SP2
Windows Server 2003
Red Hat / Linux
CentOS