JRun Multiple Vulnerabilities (OF, XSS, ID, Hijacking)

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote web application server is affected by multiple flaws.

Description :

The remote host is running JRun, a J2EE application server running on
top of IIS or Apache. There are multiple flaws in the remote version
of this software :

- The JSESSIONID variable is not implemented securely. An attacker may
use this flaw to guess the session id number of other users. Only
JRun 4.0 is affected.

- There is a code disclosure issue that may allow an attacker to obtain
the contents of a .cfm file by appending '.cfm' to the file name.
Only the Microsoft IIS connector and JRun 4.0 are affected.

- There is a buffer overflow vulnerability if the server connector is
configured in 'verbose' mode. An attacker may exploit this flaw to
execute arbitrary code on the remote host.

See also :

http://www.acrossecurity.com/papers/session_fixation.pdf
http://www.nessus.org/u?10a5f865
http://www.nessus.org/u?60f8f589
http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html

Solution :

Apply the appropriate patch / updater referenced in the vendor
advisories above.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.4
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 14810 (jrun_multiple_flaws.nasl)

Bugtraq ID: 11245, 11331, 11411, 11413, 11414

CVE ID: CVE-2004-0646, CVE-2004-0928, CVE-2004-1477, CVE-2004-1478, CVE-2004-2182