Macromedia JRun Multiple Remote Vulnerabilities
Multiple vulnerabilities are reported in Macromedia JRun.
The first vulnerability is reported to exist in an insecure implementation of a session variable, 'JSESSIONID'. This vulnerability allows remote attackers to bypass authentication checks, and may possibly allow them to gain administrative access to the web application.
The second issue is a source code disclosure vulnerability. This vulnerability allows attackers to retrieve the contents of potentially sensitive script files. This may aid them in further attacks.
The third issue is a buffer overflow vulnerability allowing remote attackers to reportedly crash affected servers.
Versions 3.0, 3.1, and 4.0 are reportedly affected by these vulnerabilities.