CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0646

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0840%
EPSS Percentile38.11th
PublishedDec 23, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.

Affected Platforms (CPE)

πŸ“¦
Macromedia

Coldfusion

= 6.0
πŸ“¦
Macromedia

Coldfusion

= 6.1
πŸ“¦
Macromedia

Jrun

= 3.0
πŸ“¦
Macromedia

Jrun

= 3.1
πŸ“¦
Macromedia

Jrun

= 4.0

References & Advisories

πŸ”— http://secunia.com/advisories/12647/
πŸ”— http://www.kb.cert.org/vuls/id/990200
πŸ”— http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html
πŸ”— http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html
πŸ”— http://www.securityfocus.com/archive/1/377194
πŸ”— http://www.securityfocus.com/bid/11245
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/17485
πŸ”— http://secunia.com/advisories/12647/

Related Vulnerabilities

CVE-2001-151410.0

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly...

CVE-2010-529010.0

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash...

CVE-1999-076010.0

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional p...

CVE-2013-138910.0

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before U...