Buffer overflow in the WriteToLog function for JRun 3.0 up to and including 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote malicious users to execute arbitrary code via a long HTTP header Content-Type field or other fields.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
macromedia coldfusion 6.0 |
||
macromedia coldfusion 6.1 |
||
macromedia jrun 4.0 |
||
macromedia jrun 3.0 |
||
macromedia jrun 3.1 |