This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.
The remote web application server is affected by multiple flaws.
The remote host is running JRun, a J2EE application server running on
top of IIS or Apache. There are multiple flaws in the remote version
of this software :
- The JSESSIONID variable is not implemented securely. An attacker may
use this flaw to guess the session id number of other users. Only
JRun 4.0 is affected.
- There is a code disclosure issue that may allow an attacker to obtain
the contents of a .cfm file by appending '
.cfm' to the file name.
Only the Microsoft IIS connector and JRun 4.0 are affected.
- There is a buffer overflow vulnerability if the server connector is
configured in 'verbose' mode. An attacker may exploit this flaw to
execute arbitrary code on the remote host.
See also :
Apply the appropriate patch / updater referenced in the vendor
Risk factor :
Medium / CVSS Base Score : 5.1
CVSS Temporal Score : 4.4
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 14810 (jrun_multiple_flaws.nasl)
Bugtraq ID: 1124511331114111141311414
CVE ID: CVE-2004-0646CVE-2004-0928CVE-2004-1477CVE-2004-1478CVE-2004-2182
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.