Reported May 29, 2002, by David Litchfield.
· Macromedia JRun Server 3.1 and 3.0 builds prior to 26414
A buffer overrun condition exists in Macromedia’s JRun Server 3.1 and 3.0. The Internet Server AP (ISAPI) .dll filter that JRun uses to handle requests for .jsp resources doesn't properly handle overly long host header fields. As a result, an attacker can gain control over the process’ execution. Visit the discoverer’s Web site for a more detailed advisory.