SecurityTracker.com
Category:   Application (Generic)  >   Macromedia JRun
Vendors:   Macromedia
(Vendor Issues Fix) Macromedia JRun SOAP Request Processing Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1009434
SecurityTracker URL:  http://securitytracker.com/id/1009434
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 16 2004
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.0
Description:   A vulnerability was reported in the Macromedia JRun Server in the processing of SOAP requests. A remote user can cause denial of service conditions on the target system.

Sanctum reported that a remote user can send a specially crafted SOAP request to cause denial of service conditions on the target SOAP server. The flaw can reportedly be triggered when the request does not contain the expected array of objects as one of its arguments.

Impact:   A remote user can cause denial of service conditions on the target system.
Solution:   The vendor has issued a fix. For ColdFusion MX 6.0,6.1/JRun 4.0, a patch is available at:

http://download.macromedia.com/pub/security/mpsb04-04.zip

See the bulletin for specific installation instructions.

Vendor URL:  www.macromedia.com/devnet/security/security_zone/mpsb04-04.html
Cause:   Exception handling error
Underlying OS:  Linux (Red Hat Linux), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Mar 15 2004 Macromedia JRun SOAP Request Processing Bug Lets Remote Users Deny Service



 Source Message Contents

Subject:  http://www.macromedia.com/devnet/security/security_zone/mpsb04-04.html


http://www.macromedia.com/devnet/security/security_zone/mpsb04-04.html

 > MPSB04-04 Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS

 > Originally posted: March 15, 2004
 > Last updated: March 15, 2004

Macromedia issued a security advisory warning of a denial of service vulnerability in 
ColdFusion MX and JRun 4.0 Web Services.  The following versions are affected:

     * JRun 4.0 (all editions)
     * ColdFusionMX 6.0, 6.1
     * ColdFusionMX 6.0, 6.1 J2EE (all editions)

According to the bulletin, ColdFusion Version 5 and earlier versions and JRun 3.1 and 
earlier versions are not affected.

Also, the default ColdFusionMX and JRun 4.0 installations are not vulnerable because they 
do not contain any deployed web services, the vendor said.

Macromedia has assigned a 'critical' severity rating to this vulnerability.

For ColdFusion MX 6.0,6.1/JRun 4.0, a patch is available at:

http://download.macromedia.com/pub/security/mpsb04-04.zip

See the bulletin for specific installation instructions.

Macromedia credits Sanctum with reporting this flaw.

 
 

