Skip navigation
Menu
Security

Buffer Overrun Vulnerability in Macromedia JRun Server 3.0/3.1

Reported May 29, 2002, by David Litchfield.

VERSIONS AFFECTED

 

·         Macromedia JRun Server 3.1 and 3.0 builds prior to 26414

 

DESCRIPTION
A buffer overrun condition exists in Macromedia’s JRun Server 3.1 and 3.0. The Internet Server AP (ISAPI) .dll filter that JRun uses to handle requests for .jsp resources doesn't properly handle overly long host header fields. As a result, an attacker can gain control over the process’ execution. Visit the discoverer’s Web site for a more detailed advisory.

 

VENDOR RESPONSE

Macromedia has released a bulletin regarding this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.

 

CREDIT
Discovered by David Litchfield of Next Generation Security Software.

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
a digital padlock icon with multiple colors
Cybersecurity Workforce Sustainability Has a Problem. DEI Could Be the Solution.
May 06, 2024
the word acronym spelled out with wooden pieces
Cybersecurity Acronyms Cheat Sheet
May 06, 2024
clinician securely sharing sensitive healthcare data across mobile devices and medical practices
How to Ensure Data Protection, IT Security, and Compliance in Life Sciences
Apr 30, 2024
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024