Vendor: JRun
By: SecurityFocus
CVSS: 8.8 HIGH
Authentication Bypass
CWE: 287
Product Name: JRun
Affected Version From: 4
Affected Version To: 4
Patch Exists: YES
Related CWE: CVE-2002-0647
CPE: o:macromedia:jrun
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Macromedia JRun Authentication Bypass

Macromedia JRun is prone to an authentication bypass vulnerability that allows remote attackers to bypass the authentication page for the admin server. The bypass is triggered by adding an extraneous '/' to a request for the administrative authentication page. Attackers can then access administrative functions such as shutting down the JRun server instance on port 8100.

Mitigation:

Users should upgrade to the latest version of Macromedia JRun.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5118/info

Macromedia JRun is prone to an issue which may allow remote attackers to bypass the authentication page for the admin server. This may be exploited by adding an extraneous '/' to a request for the administrative authentication page.

http://JRun-Server:8000//welcome.jsp?&action=stop&server=default

will shut down the 'default' JRun server instance on port 8100. Other administrative functions can also be accessed.
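
A detection sketch for the request pattern described above, added here as an example and not part of the original advisory or of JRun. It assumes the admin server's access log is in Common Log Format; the sample lines, addresses and function name are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample lines (assumed Common Log Format; not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2002:10:00:01 +0000] "GET /welcome.jsp HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Jul/2002:10:03:12 +0000] '
    '"GET //welcome.jsp?&action=stop&server=default HTTP/1.0" 200 230',
    # '//' appears only in the query string here, so this must not be flagged.
    '192.0.2.10 - - [01/Jul/2002:10:04:30 +0000] '
    '"GET /welcome.jsp?next=http://intranet.example/ HTTP/1.0" 200 512',
    'malformed line that is not a request',
]

# client, method, request target, status code
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def find_extra_slash_requests(lines):
    """Return one finding per request whose path contains an empty segment ('//')."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip anything that is not a CLF request line
        client, method, target, status = m.groups()
        # Split by hand: urllib's urlsplit() would read a leading '//' as a host name.
        path, _, query = target.partition("?")
        if "//" not in path:
            continue
        params = parse_qs(query)  # empty pairs such as the leading '&' are ignored
        findings.append({
            "client": client,
            "method": method,
            "path": path,
            "status": int(status),
            "action": params.get("action", [None])[0],
            "server": params.get("server", [None])[0],
        })
    return findings


if __name__ == "__main__":
    for f in find_extra_slash_requests(SAMPLE_LOG):
        print(f)
```

A hit that carries an `action` parameter and was answered with a success status is worth reviewing first, since it indicates an administrative function was requested through the extra-slash path.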