Signature Detail

HTTP: ColdFusion JRun Semi-Colon Parsing Vulnerability

This signature detects attempts to exploit a known vulnerability in the JRun component of Macromedia ColdFusion Web server. Attackers can pass a semi-colon character to JRun to expose the script source code and other sensitive files.

Extended Description

Multiple vulnerabilities are reported in Macromedia JRun. The first vulnerability is reported to exist in an insecure implementation of a session variable, 'JSESSIONID'. This vulnerability allows remote attackers to bypass authentication checks, and may possibly allow them to gain administrative access to the web application. The second issue is a source code disclosure vulnerability. This vulnerability allows attackers to retrieve the contents of potentially sensitive script files. This may aid them in further attacks. The third issue is a buffer overflow vulnerability allowing remote attackers to reportedly crash affected servers. Versions 3.0, 3.1, and 4.0 are reportedly affected by these vulnerabilities.

Affected Products

• Hitachi Cosminexus Enterprise Enterprise Edition 01-01 (*1)
• Hitachi Cosminexus Enterprise Enterprise Edition 01-02 (*2)
• Hitachi Cosminexus Enterprise Standard Edition 01-01 (*1)
• Hitachi Cosminexus Enterprise Standard Edition 01-02 (*2)
• Hitachi Cosminexus Server Web Edition 01-01 (*1)
• Hitachi Cosminexus Server Web Edition 01-02 (*2)
• Macromedia ColdFusion MX 6.0.0
• Macromedia ColdFusion MX 6.1.0
• Macromedia ColdFusion MX J2EE 6.1.0
• Macromedia JRun 3.0.0
• Macromedia JRun 3.1.0
• Macromedia JRun 4.0.0

References

• BugTraq: 11245
• CVE: CVE-2004-0928
• URL: http://secunia.com/advisories/12638/
• URL: http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
• URL: http://www.kb.cert.org/vuls/id/584958