| Field | Value |
| --- | --- |
| VID | 22085 |
| Severity | 40 |
| Port | 8000, ... |
| Protocol | TCP |
| Class | Servlet |
| Detailed Description | The JRun web server allows anyone to bypass the authentication for the admin console. Macromedia JRun is a servlet/JSP engine used for developing and deploying Java applications. It installs a web-based administration console on TCP port 8000. Before the console can be used, users are required to log in via an HTML form. However, by adding an extra '/' to a request for the administrative authentication page, the login page can be bypassed and access gained to the web-based admin console, e.g. http://JRun-Server//. This allows a remote attacker to access administrative functions without proper authentication. Requesting the desired admin function directly in the initial URL also bypasses this restriction, e.g. http://JRun-Server:8100//welcome.jsp?&action=stop&server=default will shut down the 'default' JRun server instance on port 8100. Other administrative functions can also be accessed. |
| References | http://www.securiteam.com/securitynews/5NP040A7PW.html, http://www.westpoint.ltd.uk/advisories/wp-02-0009.txt, http://online.securityfocus.com/bid/5118, http://www.iss.net/security_center/static/9450.php |
| Platforms Affected | Macromedia JRun 3.0, Macromedia JRun 3.1, Macromedia JRun 4.0 |
| Recommendation | Upgrade to the latest JRun at https://www.adobe.com/products/jrun/download/ |
| Related URL | CVE-2002-0665 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |