HTTP: ColdFusion JRun Header Logger Overflow

This signature detects attempts to exploit a known vulnerability in the JRun component of Macromedia ColdFusion Web server. Attackers can send overly long HTTP headers to overflow the logging function, enabling an attacker to crash or take control of the Web server.

Extended Description

Multiple vulnerabilities are reported in Macromedia JRun. The first vulnerability is reported to exist in an insecure implementation of a session variable, 'JSESSIONID'. This vulnerability allows remote attackers to bypass authentication checks, and may possibly allow them to gain administrative access to the web application. The second issue is a source code disclosure vulnerability. This vulnerability allows attackers to retrieve the contents of potentially sensitive script files. This may aid them in further attacks. The third issue is a buffer overflow vulnerability allowing remote attackers to reportedly crash affected servers. Versions 3.0, 3.1, and 4.0 are reportedly affected by these vulnerabilities.

Affected Products

Macromedia jrun

References

BugTraq: 6122 11245

CVE: CVE-2002-1310

URL: http://www.kb.cert.org/vuls/id/584958 http://www.juniper.net/security/auto/vulnerabilities/vuln1711.html

Short Name

HTTP:COLDFUSION:HEADER-LOG-OF

Severity

Major

Recommended

False

Recommended Action

Drop

HTTP: ColdFusion JRun Header Logger Overflow

Extended Description

Affected Products

References

Found a potential security threat?