OSVDB ID: 10241

Title: Macromedia Multiple Products Verbose Mode Overflow

Dates

Disclosure: Sep 23, 2004
Discovery: Unknown
Exploit: Unknown
Solution: Unknown

Description

A remote overflow exists in JRun, ColdFusion MX and ColdFusion MX J2EE - JRun. These products fail to properly check boundaries in the verbose logging module, resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service, resulting in a loss of availability.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Macromedia, Inc. has released a patch to address this vulnerability. As a workaround, disable the verbose debug mode.

Products

Macromedia, Inc.

JRun

4.0
3.1
3.0

ColdFusion MX

6.1
6.0

ColdFusion MX J2EE - JRun

6.1

References

Credit

  • iDEFENSE - idlabs-advisories@idefense.com - iDEFENSE


Direct URL: http://osvdb.org/36218