SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Macromedia JRun Vendors:   Macromedia
(Vendor Issues Fix) Re: Macromedia JRun Server Bug in Processing Unicode Null Characters in URL Discloses JSP Source Code to Remote Users
SecurityTracker Alert ID:  1005550
SecurityTracker URL:  http://securitytracker.com/id/1005550
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 6 2002
Impact:   Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.0, 3.1, 4.0
Description:   KPMG reported an information disclosure vulnerability in Macromedia's JRun Java server. A remote user can view the source code of JSP pages.

It is reported that a remote user can supply any of several URL strings to cause the web server to display the unparsed '.jsp' file. One method to trigger this flaw is to append a unicoded null character to a valid URL request string.

Impact:   A remote user can view '.jsp' source code.
Solution:   The vendor has released a cumulative patch. For the patch matrix (providing patches in English, French, and Japanese), see the vendor bulletin at:

http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500

Also, patch-specific instructions are provided in the vendor bulletin.

The bulletin notes that JRun 4.0 users that have upgraded to JRun4 SP1 or SP1a do not need to download this patch.

Vendor URL:  www.macromedia.com/v1/Handlers/index.cfm?ID=23500 (Links to External Site)
Cause:   Exception handling error, Input validation error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 1 2002 Macromedia JRun Server Bug in Processing Unicode Null Characters in URL Discloses JSP Source Code to Remote Users



 Source Message Contents

Subject:  Macromedia JRun Cumulative Patch


http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500

Macromedia issued a security bulletin (MPSB02-12) announcing a cumulative security patch
for JRun 3.0, 3.1 and 4.0.


According to the report, this patch resolves the following vulnerabilities:

Windows/Microsoft IIS specific

    * JRun log file/jrun.ini file disclosure.
    * Buffer overflow with long URL.

Other Fixes

    * Fix for a regression with relative path includes caused by the previous security
update MPSP02-07. (All Platforms, All Web Servers)
    * Netscape/IPlanet header USER_AGENT not available with getHeader() calls. 
    * JSP source code disclosure using unicode escape characters in the JRun Web Server
(the non-production internal web server) on non-Windows platforms.


The bulletin notes that JRun 4.0 users that have upgraded to JRun4 SP1 or SP1a do not need
to download this patch.

For the patch matrix (providing patches in English, French, and Japanese), see the vendor
bulletin at:

http://www.macromedia.com/v1/Handlers/index.cfm?ID=23500

Also, patch-specific instructions are provided in the vendor bulletin.


Macromedia credits the following people for reporting these flaws:

    * Peter Grundl of KPMG and http://www.kpmg.dk. for reporting several denial of
service, heap overflow and multiple view source vulnerabilities.
    * Royans Tharakan of Ingenuity and http://www.ingenuity.com for reporting a source
code disclosure.
    * Marc  Maiffret of eEye Digitial Security and http://www.eEye.com for reporting a
buffer overflow problem.


[Editor's note:  We regret that the original Macromedia security bulletin cannot be
reproduced due to copyright restrictions.  If you feel that this impedes your ability to
secure your systems, please contact Macromedia at secure@macromedia.com to request that
their security bulletins provide a copyright release.]



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC