返回 CVE 浏览器

CVE-2004-0646

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0840%

EPSS Percentile38.11th

Published2004年12月23日

Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.

Affected Platforms (CPE)

📦

Macromedia

Coldfusion

= 6.0

📦

Macromedia

Coldfusion

= 6.1

📦

Macromedia

Jrun

= 3.0

📦

Macromedia

Jrun

= 3.1

📦

Macromedia

Jrun

= 4.0

References & Advisories

🔗 http://secunia.com/advisories/12647/

🔗 http://www.kb.cert.org/vuls/id/990200

🔗 http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html

🔗 http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html

🔗 http://www.securityfocus.com/archive/1/377194

🔗 http://www.securityfocus.com/bid/11245

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/17485

🔗 http://secunia.com/advisories/12647/

相关漏洞威胁

CVE-2001-151410.0

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly...

CVE-2010-529010.0

The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash...

CVE-1999-076010.0

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional p...

CVE-2013-138910.0

Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, 9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before U...