Check Point Advisories

Macromedia JRun 4 mod_jrun Buffer Overflow (CVE-2004-0646)

Check Point Reference: CPAI-2004-184
Date Published: 28 Feb 2010
Severity: High
Last Updated: Wednesday 10 August, 2016
Source:
Industry Reference:CVE-2004-0646
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description Macromedia JRun is an application server used to deploy J2EE (Java 2 Enterprise Edition) applications, JSPs (Java Server Pages), and other Java applications. It can be used as a stand-alone web server or can be accessed through other web servers including Apache. Apache can communicate with the JRun server through a JRun shared library module such as mod_jrun20.so. There is a vulnerability in the way Macromedia JRun mod_jrun writes log messages in verbose mode. Specific, overly long headers can cause a buffer overflow. A remote attacker could leverage this vulnerability to perform arbitrary code execution on the target system. In a simple attack case the http child process serving the request will terminate, and the TCP connection will be closed. On the Windows platform the Apache process will be terminated and the attacker's connection will be closed. The Apache server crash will be logged into the Application Event log. On a Unix like platform, the attacker's connection is terminated, while the Apache server as a whole is unaffected. In the case of a more sophisticated attack, arbitrary code may be injected into the application and executed. In this case, the behavior of the attack target will depend on the nature of the injected code.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Macromedia JRun 4 mod_jrun Buffer Overflow protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Server Enforcement Violation.
Attack Information:  Macromedia JRun 4 mod_jrun Buffer Overflow

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK