[NT] JRun Source Code Disclosure

From: support@securiteam.com
Date: 07/01/02


From: support@securiteam.com
To: list@securiteam.com
Date: Mon,  1 Jul 2002 21:35:01 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  JRun Source Code Disclosure
------------------------------------------------------------------------

SUMMARY

It is possible for a malicious user to trick the JRun webserver into
disclosing source code.

DETAILS

Vulnerable systems:
 * JRun version 4.0 on Windows 2000 Server

Several types of strings can be attached to a legitimate request in order
to fool the webserver into serving up an unparsed .JSP file. The problem
occurs due to incorrect handling of NULL characters inside a request string
(i.e. by appending a Unicode-encoded NULL to the valid request string, you
can cause the server to handle a JSP file incorrectly).
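
For log review, the following is an added example (not part of the original advisory or the vendor's patch): a Python check that decodes each request target in an access log and flags any that contain a NULL once decoded. The Common Log Format layout, the sample lines and the set of encodings checked are assumptions; the advisory does not give the exact encoding.

```python
import re
from urllib.parse import unquote_to_bytes

# Request target inside a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/\d\.\d"')
# Non-standard %uXXXX escapes; checking them is an assumption, since the
# advisory does not give the exact encoding of the NULL.
PCT_U_RE = re.compile(rb"%u([0-9a-fA-F]{4})")

def decode_target(target, max_rounds=3):
    """Percent-decode repeatedly so doubly encoded values also surface."""
    data = target.encode("latin-1", "replace")
    for _ in range(max_rounds):
        step = PCT_U_RE.sub(
            lambda m: chr(int(m.group(1), 16)).encode("utf-8", "surrogatepass"),
            data)
        step = unquote_to_bytes(step)
        if step == data:
            break
        data = step
    return data

def flag_requests(log_lines):
    """Return (line_no, raw_target, is_jsp) for targets that decode to a NUL."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        data = decode_target(m.group(1))
        # 0xC0 0x80 is the overlong UTF-8 form of NUL
        if b"\x00" in data or b"\xc0\x80" in data:
            hits.append((n, m.group(1), b".jsp" in data.lower()))
    return hits

# Constructed sample log lines (not taken from the advisory)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2002:10:00:01 +0200] "GET /app/index.jsp HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jul/2002:10:00:05 +0200] "GET /app/index.jsp%00 HTTP/1.0" 200 4096',
    '192.0.2.11 - - [01/Jul/2002:10:00:09 +0200] "GET /app/login.jsp%u0000 HTTP/1.0" 200 3900',
    '192.0.2.12 - - [01/Jul/2002:10:01:00 +0200] "GET /img/logo%20new.gif HTTP/1.0" 200 900',
    '192.0.2.13 - - [01/Jul/2002:10:02:00 +0200] "GET /app/view.jsp%2500 HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

A 200 response to a flagged .jsp request, with a body size unlike the page's normal rendered size, is worth comparing against the file's size on disk.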

Vendor Response:
This was reported to the vendor on 17 May 2002. On 27 June 2002, the
vendor released a cumulative patch for JRun that includes the patch for
this issue.

Corrective action:
Read the vendor's advisory to determine which patch you need:
<http://www.macromedia.com/v1/handlers/index.cfm?ID=23164>

ADDITIONAL INFORMATION

The information has been provided by <mailto:pgrundl@kpmg.dk> Peter
Gründl.



