Macromedia JRun Multiple Remote Vulnerabilities

Multiple vulnerabilities are reported in Macromedia JRun.

The first vulnerability is reported to exist in an insecure implementation of a session variable, 'JSESSIONID'. This vulnerability allows remote attackers to bypass authentication checks, and may possibly allow them to gain administrative access to the web application.

The second issue is a source code disclosure vulnerability. This vulnerability allows attackers to retrieve the contents of potentially sensitive script files. This may aid them in further attacks.

The third issue is a buffer overflow vulnerability allowing remote attackers to reportedly crash affected servers.

Versions 3.0, 3.1, and 4.0 are reportedly affected by these vulnerabilities.


 

Privacy Statement
Copyright 2010, SecurityFocus