CVE Vulnerabilities

CVE-2004-0646

Published: Dec 23, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.

Affected Software

Name Vendor Start Version End Version
Coldfusion Macromedia 6.0 6.0
Coldfusion Macromedia 6.1 6.1
Jrun Macromedia 3.0 3.0
Jrun Macromedia 3.1 3.1
Jrun Macromedia 4.0 4.0

References