CVE-2004-0646 Information

Description

Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors such as (1) mod_jrun and (2) mod_jrun20 for Apache with verbose logging enabled allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.

Reference

http://secunia.com/advisories/12647/ http://www.kb.cert.org/vuls/id/990200 http://www.macromedia.com/devnet/security/security_zone/mpsb04-08.html http://www.macromedia.com/devnet/security/security_zone/mpsb04-09.html http://www.securityfocus.com/archive/1/377194 http://www.securityfocus.com/bid/11245 https://exchange.xforce.ibmcloud.com/vulnerabilities/17485