Signature Detail

HTTP: ColdFusion JRun Header Logger Overflow

This signature detects attempts to exploit a known vulnerability in the JRun component of Macromedia ColdFusion Web server. Attackers can send overly long HTTP headers to overflow the logging function, enabling an attacker to crash or take control of the Web server.

Extended Description

Multiple vulnerabilities are reported in Macromedia JRun. The first vulnerability is reported to exist in an insecure implementation of a session variable, 'JSESSIONID'. This vulnerability allows remote attackers to bypass authentication checks, and may possibly allow them to gain administrative access to the web application. The second issue is a source code disclosure vulnerability. This vulnerability allows attackers to retrieve the contents of potentially sensitive script files. This may aid them in further attacks. The third issue is a buffer overflow vulnerability allowing remote attackers to reportedly crash affected servers. Versions 3.0, 3.1, and 4.0 are reportedly affected by these vulnerabilities.

Affected Products

• Hitachi Cosminexus Enterprise Enterprise Edition 01-01 (*1)
• Hitachi Cosminexus Enterprise Enterprise Edition 01-02 (*2)
• Hitachi Cosminexus Enterprise Standard Edition 01-01 (*1)
• Hitachi Cosminexus Enterprise Standard Edition 01-02 (*2)
• Hitachi Cosminexus Server Web Edition 01-01 (*1)
• Hitachi Cosminexus Server Web Edition 01-02 (*2)
• Macromedia ColdFusion MX 6.0.0
• Macromedia ColdFusion MX 6.1.0
• Macromedia ColdFusion MX J2EE 6.1.0
• Macromedia JRun 3.0.0
• Macromedia JRun 3.1.0
• Macromedia JRun 4.0.0

References

• BugTraq: 11245
• BugTraq: 6122
• CVE: CVE-2004-0646
• CVE: CVE-2002-1310
• URL: http://www.kb.cert.org/vuls/id/584958
• URL: http://www.juniper.net/security/auto/vulnerabilities/vuln1711.html