Info

Disclosure

Sep 23, 2004

Discovery

Unknown

Dates

Exploit

Sep 23, 2004

Solution

Unknown

Description

JRun Server Management Console contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the JRun Console script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Macromedia has released a set of patches to address this vulnerability.

Products

Macromedia, Inc.	JRun	4.0
		3.x

References

Security Tracker: 1011404
Related OSVDB ID: 10238 10240 10241
Secunia Advisory ID: 12638
CVE ID: 2004-1477 (see also: NVD)
Keyword: ASPR #2004-10-14-1-PUB
Other Advisory URL: http://www.acrossecurity.com/aspr/ASPR-2004-10-14-1-PUB.txt
Vendor URL: http://www.macromedia.com/
Vendor Specific Advisory URL: http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html

Credit

@Stake Advisories - advisoriesatstake.com - @Stake, Inc.
Acros -
iDefense - iDefense

Direct URL: http://osvdb.org/10239

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Macromedia, Inc.

JRun

References

Credit